| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MFC r368207:
Update libarchive to 3.5.0
Relevant vendor changes:
Issue #1258: add archive_read_support_filter_by_code()
PR #1347: mtree digest reader support
Issue #1381: skip hardlinks pointing to itself on extraction
PR #1387: fix writing of cpio archives with hardlinks without file type
PR #1388: fix rdev field in cpio format for device nodes
PR #1389: completed support for UTF-8 encoding conversion
PR #1405: more formats in archive_read_support_format_by_code()
PR #1408: fix uninitialized size in rar5_read_data
PR #1409: system extended attribute support
PR #1435: support for decompression of symbolic links in zipx archives
Issue #1456: memory leak after unsuccessful archive_write_open_filename
MFC r368607:
Sync libarchive with vendor.
Vendor changes:
Issue #1461: Unbreak build without lzma
Issue #1462: warc reader: Fix build with gcc11
Issue #1463: Fix code compatibility in test_archive_read_support.c
Issue #1464: Use built-in strnlen on platforms where not available
Issue #1465: warc reader: fix undefined behaviour in deconst() function
Notes:
svn path=/stable/10/; revision=368708
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update libarchive to 3.4.3
Relevant vendor changes:
PR #1352: support negative zstd compression levels
PR #1359: improve zstd version checking
PR #1348: support RHT.security.selinux from GNU tar
PR #1357: support for archives compressed with pzstd
PR #1367: fix issues in acl tests
PR #1372: child handling cleanup
PR #1378: fix memory leak from passphrase callback
Notes:
svn path=/stable/10/; revision=362134
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sync libarchive with vendor.
Relevant vendor changes:
Issue #1257: Add testcase for ZIPX files with LZMA_STREAM_END marker
PR #1331: cpio.5: fix hard link description
Issue #1335: archive_read.c: fix UBSan warning about undefined behavior
Issue #1338: XAR reader: fix UBSan warning about undefined behavior
Issue #1339: bsdcpio_test: fix datatype in from_hex()
Issue #1341: Safe writes: delete temporary file if rename fails.
Issue #1341: Safe writes: improve error handling
Notes:
svn path=/stable/10/; revision=358927
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update libarchive to version 3.4.2
Relevant vendor changes (r356212):
Issue #351: Refactor and implement private state logic for write filters
PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482)
PR #1255: zip writer - don't append unused NUL for directories
PR #1260: Fix sparse file offset overflow on 32-bit systems
PR #1263: UNICODE filename support for reading lha/lzh format
Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs()
PR #1288: Add the "xattrhdr" option to pax write options
PR #1295: 7z reader - fix reading archives with digests in PackInfo
PR #1296: RAR5 reader - verify window size for multivolume archives
PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files
Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs()
OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error
Fix possible off-by-one when dealing with readlink(2)
Relevant vendor changes (r356366):
Issue #1302: Plug memory leak on failure of archive_write_client_open()
Relevant vendor changes (r356416):
Issue #1302: Re-do fix for archive_write_client_open()
Relevant vendor changes (r357785):
PR #1289: atomic extraction support (bsdtar -x --safe-writes)
PR #1308: big endian fix for UTF16 support in LHA reader
PR #1326: reject RAR5 files that declare invalid header flags
Issue #987: fix support 7z archive entries with Delta filter
Issue #1317: fix compression output buffer handling in XAR writer
Issue #1319: fix uname or gname longer than 32 characters in pax writer
Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR
Use localtime_r() and gmtime_r() instead of localtime() and gmtime()
Notes:
svn path=/stable/10/; revision=358090
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sync libarchive with vendor.
MFC r316456:
Vendor changes (FreeBSD-related):
Report which extended attributes could not be restored
Update archive_read_disk.3 and archive_write_disk.3 manual pages
Plug memory leaks in xattr tests.
MFC r352732:
Relevant vendor changes:
Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c
PR #1249: Correct some typographical and grammatical errors.
PR #1250: Minor corrections to the formatting of manual pages
Notes:
svn path=/stable/10/; revision=353377
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Sync libarchive with vendor.
Relevant vendor changes:
PR #1217: RAR5 reader - fix ARM filter going beyond window buffer boundary
(OSS-Fuzz 15431)
PR #1218: Fixes to sparse file handling
Notes:
svn path=/stable/10/; revision=349901
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sync libarchive with vendor including security fixes
r348993:
- version bumped to 3.4.0
- check_symlinks_fsobj() without chdir() and fchdir()
- bsdtar.1 manpage fixes
- patches from OpenBSD to libarchive_fe/passphrase.c
r349135:
PR #1212: RAR5 reader - window_mask was not updated correctly
(OSS-Fuzz 15278)
OSS-Fuzz 15120: RAR reader - extend use after free bugfix
Notes:
svn path=/stable/10/; revision=349525
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sync libarchive with vendor.
Relevant vendor changes:
Issue #795: XAR - do not try to add xattrs without an allocated name
PR #812: non-recursive option for extract and list
PR #958: support reading metadata from compressed files
PR #999: add --exclude-vcs option to bsdtar
Issue #1062: treat empty archives with a GNU volume header as valid
PR #1074: Handle ZIP files with trailing 0s in the extra fields
(Android APK archives)
PR #1109: Ignore padding in Zip extra field data (Android APK archives)
PR #1167: fix problems related to unreadable directories
Issue #1168: fix handling of strtol() and strtoul()
PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter
PR #1174: ZIP reader - fix of MSZIP signature parsing
PR #1175: gzip filter - fix reading files larger than 4GB from memory
PR #1177: gzip filter - fix memory leak with repeated header reads
PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field
PR #1181: RAR5 - fix merge_block() recursion
(OSS-Fuzz 12999, 13029, 13144, 13478, 13490)
PR #1183: fix memory leak when decompressing ZIP files with LZMA
PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817
OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables
OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations
OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables
PR #1186: RAR5 - fix invalid type used for dictionary size mask
(OSS-Fuzz 14537)
PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555)
PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories
(OSS-Fuzz 14574)
PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds
OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry
OSS-Fuzz 14331: RAR5 - fix maximum owner name length
OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check
Additional RAR5 reader changes:
- support symlinks, hardlinks, file owner, file group, versioned files
- change ARCHIVE_FORMAT_RAR_V5 to 0x100000
- set correct mode for readonly directories
- support readonly, hidden and system Windows file attributes
MFC r347999:
Install missing data file for
lib.libarchive.functional_test.test_read_format_zip_utf8_paths
Notes:
svn path=/stable/10/; revision=348608
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sync libarchive with vendor.
Relevant vendor changes:
PR #1153: fixed 2 bugs in ZIP reader [1]
PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK
Changes to file flags code, support more file flags on FreeBSD:
UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM
UF_ARCHIVE is not supported by intention (yet)
PR: 236300 [1]
Notes:
svn path=/stable/10/; revision=346105
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MFC r344063:
Sync libarchive with vendor.
Relevant vendor changes:
PR #1085: Fix a null pointer dereference bug in zip writer
PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2
decopmpression
PR #1116: Add support for 64-bit ar format
PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2]
PR #1125: RAR5 reader - fix an invalid read and a memory leak
PR #1131: POSIX reader - do not fail when tree_current_lstat() fails
due to ENOENT [3]
PR #1134: Delete unnecessary null pointer checks before calls of free()
OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy.
OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader
MFC r344088:
archive_read_disk_posix.c: initialize delayed_errno
PR: 233006 [3]
Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2]
Notes:
svn path=/stable/10/; revision=344674
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sync libarchive with vendor.
Relevant vendor changes:
PR #1013: Add missing h_base offset when performing absolute seeks in
xar decompression
PR #1023: Support extracting extattrs as non-root on non-user-writeable
files
PR #1061: Add support for extraction of RAR v5 archives
PR #1066: Fix out of bounds read on empty string filename for gnutar, pax
and v7tar
PR #1067: Fix temporary file path buffer overflow in tests
IS #1068: Correctly process and verify integer arguments passed to
bsdcpio and bsdtar
PR #1070: Don't default XAR entry atime/mtime to the current time
PR #1080: Spelling fixes
PR #1084: RAR5 reader bugfixes
PR #1091: fix use-after-free in delayed newc link processing
PR #1092: Fix a few obvious resource leaks and strcpy() misuses
IS #1096: Support extracting ACLs with in-entry comments (GNU tar)
PR #1102: RAR5 reader - fix big-endian problems
PR #1105: Fix various crash, memory corruption and infinite loop conditions
RAR5 reader: FreeBSD build platform fixes for powerpc(64), mips(64),
sparc64 and riscv64
RAR5 reader: more maybe-uninitialized size_t fixes for riscv64
FreeBSD build
Notes:
svn path=/stable/10/; revision=342361
|
| |
|
|
|
|
|
|
|
|
|
| |
Sync libarchive with vendor.
Relevant vendor changes:
PR #1019: Add allocation check for the zip_entry struct
Oss-Fuzz #10192: Handle whitespace-only ACL fields correctly
Notes:
svn path=/stable/10/; revision=339006
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update libarchive to 3.3.3
As all important changes have already been merged from libarchive git
this is just a version number bump, documentation update and some
polishing for cpio tests. Other source code changes are not relevant to
FreeBSD.
Relnotes: yes
Notes:
svn path=/stable/10/; revision=338796
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Sync libarchive with vendor..
Vendor changes:
PR #1042: validate iso9660 directory record length
MFC after: 3 days
Security: CVE-2017-14501
Notes:
svn path=/stable/10/; revision=338034
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MFH r336801 (cem):
Cherry-pick upstream 2c8c83b9
Relevant vendor changes:
Fix issue #948: out-of-bounds read in lha_read_data_none()
MFH r336854:
Sync libarchive with vendor.
Important vendor changes:
PR #993: Chdir to -C directory for metalog processing
OSS-Fuzz #4969: Check size of the extended time field in zip archives
PR #973: Record informational compression level in gzip header
amdbugs: 877
Security: CVE-2017-14503
Notes:
svn path=/stable/10/; revision=337352
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sync libarchive with vendor.
Relevant vendor changes:
PR #893: delete dead ppmd7 alloc callbacks
PR #904: Fix archive freeing bug in bsdcat
PR #961: Fix ZIP format names
PR #962: Don't modify attributes for existing directories
when ARCHIVE_EXTRACT_NO_OVERWRITE is set
PR #964: Fix -Werror=implicit-fallthrough= for GCC 7
PR #970: zip: Allow backslash as path separator
Notes:
svn path=/stable/10/; revision=328828
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sync libarchive with vendor.
Relevant vendor changes:
PR #905: Support for Zstandard read and write filters
PR #922: Avoid overflow when reading corrupt cpio archive
Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166)
OSS-Fuzz 2936: Place a limit on the mtree line length
OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough
OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502)
Security: CVE-2017-14166, CVE-2017-14502
Notes:
svn path=/stable/10/; revision=324418
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Sync libarchive with vendor.
Relevant vendor changes:
PR #926: ensure ar strtab is null terminated
PR: 220462
Notes:
svn path=/stable/10/; revision=322072
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bump libarchive to 3.3.2
Vendor changes:
PR #901: don't depend on stdin in a testcase
Relnotes: yes
Notes:
svn path=/stable/10/; revision=321304
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MFC r317782 (mm):
Sync libarchive with vendor
Vendor changes (FreeBSD-related):
PR 897: add test for ZIP archives with invalid EOCD headers
PR 901: fix invalid renaming of sparse files
OSS-Fuzz issue 497: remove fallback tree in LZX decoder
OSS-Fuzz issue 527: rewrite expressions in lz4 filter
OSS-Fuzz issue 577: fix integer overflow in cpio reader
OSS-Fuzz issue 862: fix numerc parsing in mtree reader
OSS-Fuzz issue 1097: fix undefined shift in rar reader
cpio: various optimizations and memory leak fixes
MFC r318181 (ngie) (2):
cpio/tests/test_option_lz4: fix a use after free in the failure case
Reported by: Coverity (2)
Sponsored by: Dell EMC Isilon (2)
Notes:
svn path=/stable/10/; revision=318483
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sync libarchive with vendor
Vendor changes/bugfixes (FreeBSD-related):
r315636:
PR 867 (bsdcpio): show numeric uid/gid when names are not found
PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers
PR 880 (pax): Fix handling of "size" pax header keyword
PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream
OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser
Break ACL read/write code into platform-specific source files
r315876:
Store extended attributes with extattr_set_link() if no fd is provided
Add extended attribute tests to libarchive and bsdtar
Fix tar's test_option_acls
Support the UF_HIDDEN file flag
r316095:
Constify variables in several places
Unify platform ACL code in a single source file
Fix unused variable if compiling on FreeBSD without NFSv4 ACL support
Notes:
svn path=/stable/10/; revision=316338
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update libarchive to version 3.3.1 (and sync with latest vendor dist)
Notable vendor changes:
PR #501: improvements in ACL path handling
PR #724: fix hang when reading malformed cpio files
PR #864: fix out of bounds read with malformed GNU tar archives
Documentation, style, test suite improvements and typo fixes.
New options to bsdtar that enable or disable reading and/or writing of:
Access Control Lists (--acls, --no-acls)
Extended file flags (--fflags, --no-fflags)
Extended attributes (--xattrs, --no-xattrs)
Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata)
Notes:
svn path=/stable/10/; revision=315433
|
| |
|
|
|
|
|
|
|
|
|
|
| |
MFC r313572:
Vendor bugfixes:
cpio reader sanity fix (OSS-Fuzz 504)
WARC reader sanity fixes (OSS-Fuzz 511, 526, 532, 552)
mtree reader time parsing fix (OSS-Fuzz 538)
XAR reader memleak fix (OSS-Fuzz 551)
Notes:
svn path=/stable/10/; revision=313929
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sync libarchive with vendor.
MFC r313572:
Vendor bugfixes:
cpio reader sanity fix (OSS-Fuzz 504)
WARC reader sanity fixes (OSS-Fuzz 511, 526, 532, 552)
mtree reader time parsing fix (OSS-Fuzz 538)
XAR reader memleak fix (OSS-Fuzz 551)
MFC r313782:
Vendor changes:
Make SCHILY.acl.ace header more compact (NFSv4 ACLs)
Vendor bugfixes:
zip reader integer parsing fix (OSS-Fuzz 556)
spelling fixes (issue #863)
Notes:
svn path=/stable/10/; revision=313927
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sync libarchive with vendor.
MFC r310866:
PR #771: Add NFSv4 ACL support to pax and restricted pax
NFSv4 ACL information may now be stored to and restored from tar archives.
ACL must be non-trivial and supported by the underlying filesystem, e.g.
natively by ZFS or by UFS with the NFSv4 ACL enable flag set.
MFC r310868:
PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c
PR #851: Spelling fixes
Fix two protoypes in manual page archive_read_disk.3
MFC r310870:
Use __LA_DEPRECATED macro with functions deprecated in 379867e
MFC r311903:
#691: Support for SCHILY.xattr extended attributes
#854: Spelling fixes
Multiple fixes in ACL code:
- prefer acl_set_fd_np() to acl_set_fd()
- if acl_set_fd_np() fails, do no fallback to acl_set_file()
- do not warn if trying to write ACLs to a filesystem without ACL support
- fix id handling in archive_acl_(from_to)_text*() for NFSv4 ACLs
MFC r313074:
- support extracting NFSv4 ACLs from Solaris tar archives
- bugfixes and optimizations in the ACL code
- multiple fixes in the test suite
- typo and other small bugfixes
Security fixes:
- cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335)
- LHA reader: heap-buffer-overflow in lha_read_file_header_1()
(CVE-2017-5601)
- LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream()
(OSS-Fuzz 453)
- mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443)
- WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458)
Memory leak fixes:
- ACL support: free memory allocated by acl_get_qualifier()
- disk writer: missing free in create_filesystem_object()
- file reader: fd leak (Coverity 1016755)
- gnutar writer: fix free in archive_write_gnutar_header()
(Coverity 101675)
- iso 9660 reader: missing free in parse_file_info()
(partial Coverity 1016754)
- program reader: missing free in __archive_read_program()
- program writer: missing free in __archive_write_program_free()
- xar reader: missing free in xar_cleanup()
- xar reader: missing frees in expat_xmlattr_setup()
(Coverity 1229979-1229981)
- xar writer: missing free in file_free()
- zip reader: missing free in zip_read_local_file_header()
List of all libarchive issues at OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/list?can=1&q=libarchive
Security: CVE-2017-5601
Notes:
svn path=/stable/10/; revision=313571
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sync libarchive with vendor.
Fixed vendor issues (relevant to FreeBSD)
#825, #832: Add sanity check of tar "uid, "gid" and "mtime" fields
#830, #831, #833, #846: Spelling fixes
#850: Fix issues with reading certain jar files
Fixed issues found by Google OSS-Fuzz:
OSS-Fuzz #15: Fix heap-buffer-overflow in archive_le16dec()
OSS-Fuzz #16: Fix possible hang in uudecode_filter_read()
OSS-Fuzz #139, #145, #152: Fix heap-buffer-overflow in uudecode_bidder_bid()
OSS-Fuzz #220: Reject an 'ar' filename table larger than 1GB or a filename
larger than 1MB
OSS-Fuzz #227, #230, #239: Fix possible memory leak in archive_read_free()
OSS-Fuzz #237: Fix heap buffer overflow when reading invalid ar archives
OSS-Fuzz #286: Bugfix in archive_strncat_l()
More information:
https://github.com/libarchive/libarchive/issues/[libarchive_issue_number]
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=[oss_fuzz_issue_number]
Notes:
svn path=/stable/10/; revision=311042
|
| |
|
|
|
|
|
|
|
|
|
|
| |
MFC r309869:
Merge changes from vendor to address several Coverity issues with
contrib/libarchive's tests
Obtained from: libarchive (ebe29c, fd0ea2, f9e3de)
Notes:
svn path=/stable/10/; revision=310570
|
| |
|
|
|
|
|
|
|
|
|
| |
Apply fix for libarchive issue #821:
"tar -P" cannot extract hardlinks through symlinks
PR: 213255
Reported by: Tijl Coosemans <tilj@FreeBSD.org>
Notes:
svn path=/stable/10/; revision=309702
|
| |
|
|
|
|
|
|
|
|
| |
Update libarchive to 3.2.2
Most of the post-3.2.1 fixes have already been merged. This update contains
just the version bump and some fixes to the test framework.
Notes:
svn path=/stable/10/; revision=308152
|
| |
|
|
|
|
|
|
|
|
| |
Sync libarchive with vendor. Style and tests fixes.
Important vendor bugfixes (relevant to FreeBSD):
#801: FreeBSD Coverity report: resource leak in libarchive/tar/test/main.c
Notes:
svn path=/stable/10/; revision=307798
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sync libarchive with vendor including security fixes.
Important vendor bugfixes (relevant to FreeBSD):
#747: Out of bounds read in mtree parser
#761: heap-based buffer overflow in read_Header (7-zip)
#794: Invalid file on bsdtar command line results in internal errors (1)
PR: 213092 (1)
Notes:
svn path=/stable/10/; revision=307139
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sync libarchive with vendor including important security fixes.
Issues fixed (FreeBSD):
PR #778: ACL error handling
Issue #745: Symlink check prefix optimization is too aggressive
Issue #746: Hard links with data can evade sandboxing restrictions
This update fixes the vulnerability #3 and vulnerability #4 as reported in
"non-cryptanalytic attacks against FreeBSD update components".
https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
Fix for vulnerability #2 has already been merged in r305192.
Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
Notes:
svn path=/stable/10/; revision=306322
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sync libarchive with vendor
Vendor issues fixed:
PR #777: Multiple bugfixes for setup_acls()
This includes a bugfix for a bug that caused ACLs not to be read properly
for files and directories inside subdirectories and as a result not being
stored or being incorrectly stored in tar archives.
Notes:
svn path=/stable/10/; revision=305755
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sync libarchive with vendor including security fixes
Vendor issues fixed:
Issue #731: Reject tar entries >= INT64_MAX
Issue #744: Very long pathnames evade symlink checks
Issue #748: libarchive can compress, but cannot decompress zip some files
PR #750: ustar: fix out of bounds read on empty string ("") filename
PR #755: fix use of acl_get_flagset_np() on FreeBSD
Issue #767: Buffer overflow printing a filename
Issue #770: Zip read: be more careful about extra_length
MFC r304874:
Temporarily disable two libarchive tests that have not yet been fixed by
vendor. Tests will be re-enabled after a fix has been merged.
Notes:
svn path=/stable/10/; revision=305192
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Sync libarchive with vendor, bugfixes for tests:
- fix tests on filesystems without birthtime support, e.g. UFS1 (1)
- vendor issue #729: avoid use of C99 for-scope declarations in
test_write_format_gnutar_filenames.c
PR: 204157 (1)
Notes:
svn path=/stable/10/; revision=302425
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update libarchive to 3.2.1 (bugfix and security fix release)
List of vendor fixes:
- fix exploitable heap overflow vulnerability in Rar decompression
(vendor issue 719, CVE-2016-4302, TALOS-2016-0154)
- fix exploitable stack based buffer overflow vulnebarility in mtree
parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153)
- fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo
(vendor issue 718, CVE-2016-4300, TALOS-2016-152)
- fix integer overflow when computing location of volume descriptor
(vendor issue 717)
- fix buffer overflow when reading a crafred rar archive (vendor issue 521)
- fix possible buffer overflow when reading ISO9660 archives on machines
where sizeof(int) < sizeof(size_t) (vendor issue 711)
- tar and cpio should fail if an input file named on the command line is
missing (vendor issue 708)
- fix incorrect writing of gnutar filenames that are exactly 512 bytes
long (vendor issue 682)
- allow tests to be run from paths that are equal or longer than 128
characters (vendor issue 657)
- add memory allocation errors in archive_entry_xattr.c (vendor PR 603)
- remove dead code in archive_entry_xattr_add_entry() (vendor PR 716)
- fix broken decryption of ZIP files (vendor issue 553)
- manpage style, typo and description fixes
Post-3.2.1 vendor fixes:
- fix typo in cpio version reporting (Vendor PR 725, 726)
- fix argument range of ctype functions in libarchive_fe/passphrase.c
- fix ctype use and avoid empty loop bodies in WARC reader
Security: CVE-2016-4300, CVE-2016-4301, CVE-2016-4302
Notes:
svn path=/stable/10/; revision=302295
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r299529,r299540:
Update libarchive to 3.2.0
New features:
- new bsdcat command-line utility
- LZ4 compression (in src only via external utility from ports)
- Warc format support
- 'Raw' format writer
- Zip: Support archives >4GB, entries >4GB
- Zip: Support encrypting and decrypting entries
- Zip: Support experimental streaming extension
- Identify encrypted entries in several formats
- New --clear-nochange-flags option to bsdtar tries to remove noschg and
similar flags before deleting files
- New --ignore-zeros option to bsdtar to handle concatenated tar archives
- Use multi-threaded LZMA decompression if liblzma supports it
- Expose version info for libraries used by libarchive
r299576,r299896:
Fix broken cpio behavior.
Relnotes: yes
Notes:
svn path=/stable/10/; revision=302001
|
| |
|
|
|
|
|
|
|
| |
This is a direct commit to stable/10.
Security: CVE-2015-2304
Notes:
svn path=/stable/10/; revision=300361
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Partially apply upstream changeset 6e06b1c8 (kientzle).
Limit filter recursion level to 25 (instead of infinite). This fixes a
potential crash issue discovered by Alexander Cherepanov.
PR: 207362
Reported by: Robert Clausecker
Obtained from: libarchive github project
Approved by: re (marius)
Notes:
svn path=/stable/10/; revision=295961
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
MFV r285970:
Apply upstream changeset bf4f6ec64e:
Fix issue 356: properly skip a sparse file entry in a tar file.
PR: 201506
Relnotes: yes
Notes:
svn path=/stable/10/; revision=286082
|
| |
|
|
|
|
|
| |
Don't segfault when reading malformed cpio archives.
Notes:
svn path=/stable/10/; revision=283259
|
| |
|
|
|
|
|
|
|
|
| |
Fix --one-file-system to include the directory encountered rather than
excluding it. This was broken in 3.0.4 (r238856).
Relnotes: yes
Notes:
svn path=/stable/10/; revision=281044
|
| |
|
|
|
|
|
|
|
|
|
|
| |
extattr_set_{fd,file,link} is logically a write(2)-like operation and
should return ssize_t, just like extattr_get_*. Also, the user-space
utility was using an int for the return value of extattr_get_* and
extattr_list_*, both of which return an ssize_t.
MFC after: 1 week
Notes:
svn path=/head/; revision=248995
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Limit write requests to at most INT_MAX.
This prevents a certain common programming error (passing -1 to write)
from leading to other problems deeper in the library.
References:
https://github.com/libarchive/libarchive/commit/22531545514043e0
Reported by: Xin Li <delphij@FreeBSD.org>
Obtained from: libarchive (master branch)
Notes:
svn path=/head/; revision=248664
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update libarchive to 3.1.2
Some of new features:
- support for lrzip and grzip compression
- support for writing tar v7 format
- b64encode and uuencode filters
- support for __MACOSX directory in Zip archives
- support for lzop compresion (external utility)
Notes:
svn path=/head/; revision=248616
|
| |
|
|
|
|
|
| |
"2 hours ago".
Notes:
svn path=/head/; revision=246229
|
| |
|
|
|
|
|
|
|
|
| |
Source:
https://github.com/libarchive/libarchive/commit/f67370d5
Obtained from: libarchive (master branch)
Notes:
svn path=/head/; revision=238909
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Apply fix from vendor's master branch.
References:
https://github.com/libarchive/libarchive/commit/d8b9dbd
Reported on: freebsd-current@
Obtained from: libarchive
Notes:
svn path=/head/; revision=238882
|
| |
|
|
| |
Notes:
svn path=/head/; revision=238856
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some of new features:
- New readers: RAR, LHA/LZH, CAB reader, 7-Zip
- New writers: ISO9660, XAR
- Improvements to many formats, especially including ISO9660 and Zip
- Stackable write filters to write, e.g., tar.gz.uu in a single pass
- Exploit seekable input; new "seekable" Zip reader can exploit the Zip
Central Directory when it's available; the old "streamable" Zip reader
is still fully supported for cases where seeking is not possible.
Full release notes available at:
https://github.com/libarchive/libarchive/wiki/ReleaseNotes
Notes:
svn path=/head/; revision=232153
|
