FreeBSD source tree https://cgit-dev.freebsd.org/src-test2/atom?h=stable%2F10 2020-12-16T22:25:40Z 2020-12-16T22:25:40Z Martin Matuska mm@FreeBSD.org 2020-12-16T22:25:40Z urn:sha1:3ad46d07830bba44c479e2d19ce376212e52e9af MFC r368207: Update libarchive to 3.5.0 Relevant vendor changes: Issue #1258: add archive_read_support_filter_by_code() PR #1347: mtree digest reader support Issue #1381: skip hardlinks pointing to itself on extraction PR #1387: fix writing of cpio archives with hardlinks without file type PR #1388: fix rdev field in cpio format for device nodes PR #1389: completed support for UTF-8 encoding conversion PR #1405: more formats in archive_read_support_format_by_code() PR #1408: fix uninitialized size in rar5_read_data PR #1409: system extended attribute support PR #1435: support for decompression of symbolic links in zipx archives Issue #1456: memory leak after unsuccessful archive_write_open_filename MFC r368607: Sync libarchive with vendor. Vendor changes: Issue #1461: Unbreak build without lzma Issue #1462: warc reader: Fix build with gcc11 Issue #1463: Fix code compatibility in test_archive_read_support.c Issue #1464: Use built-in strnlen on platforms where not available Issue #1465: warc reader: fix undefined behaviour in deconst() function 2020-06-12T23:02:34Z Martin Matuska mm@FreeBSD.org 2020-06-12T23:02:34Z urn:sha1:918c81b92db897ca8cd7c45fa17d06770517bb6c Update libarchive to 3.4.3 Relevant vendor changes: PR #1352: support negative zstd compression levels PR #1359: improve zstd version checking PR #1348: support RHT.security.selinux from GNU tar PR #1357: support for archives compressed with pzstd PR #1367: fix issues in acl tests PR #1372: child handling cleanup PR #1378: fix memory leak from passphrase callback 2020-02-19T01:51:44Z Martin Matuska mm@FreeBSD.org 2020-02-19T01:51:44Z urn:sha1:55f1ebd2ad2abb6260da67519c51b42de7b99c27 Update libarchive to version 3.4.2 Relevant vendor changes (r356212): Issue #351: Refactor and implement private state logic for write filters PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482) PR #1255: zip writer - don't append unused NUL for directories PR #1260: Fix sparse file offset overflow on 32-bit systems PR #1263: UNICODE filename support for reading lha/lzh format Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs() PR #1288: Add the "xattrhdr" option to pax write options PR #1295: 7z reader - fix reading archives with digests in PackInfo PR #1296: RAR5 reader - verify window size for multivolume archives PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs() OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error Fix possible off-by-one when dealing with readlink(2) Relevant vendor changes (r356366): Issue #1302: Plug memory leak on failure of archive_write_client_open() Relevant vendor changes (r356416): Issue #1302: Re-do fix for archive_write_client_open() Relevant vendor changes (r357785): PR #1289: atomic extraction support (bsdtar -x --safe-writes) PR #1308: big endian fix for UTF16 support in LHA reader PR #1326: reject RAR5 files that declare invalid header flags Issue #987: fix support 7z archive entries with Delta filter Issue #1317: fix compression output buffer handling in XAR writer Issue #1319: fix uname or gname longer than 32 characters in pax writer Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR Use localtime_r() and gmtime_r() instead of localtime() and gmtime() 2019-07-11T00:22:10Z Martin Matuska mm@FreeBSD.org 2019-07-11T00:22:10Z urn:sha1:fa709acf62f2242cfab90006535da65eed0ad4cd Sync libarchive with vendor. Relevant vendor changes: PR #1217: RAR5 reader - fix ARM filter going beyond window buffer boundary (OSS-Fuzz 15431) PR #1218: Fixes to sparse file handling 2019-06-28T22:36:27Z Martin Matuska mm@FreeBSD.org 2019-06-28T22:36:27Z urn:sha1:dcb89611eb6f6b4084a59c345e95af378d29acb9 Sync libarchive with vendor including security fixes r348993: - version bumped to 3.4.0 - check_symlinks_fsobj() without chdir() and fchdir() - bsdtar.1 manpage fixes - patches from OpenBSD to libarchive_fe/passphrase.c r349135: PR #1212: RAR5 reader - window_mask was not updated correctly (OSS-Fuzz 15278) OSS-Fuzz 15120: RAR reader - extend use after free bugfix 2019-06-04T10:36:26Z Martin Matuska mm@FreeBSD.org 2019-06-04T10:36:26Z urn:sha1:0498a411d0c564766aac16de0684cca20bb4f8c8 Sync libarchive with vendor. Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes MFC r347999: Install missing data file for lib.libarchive.functional_test.test_read_format_zip_utf8_paths 2019-04-10T21:46:28Z Martin Matuska mm@FreeBSD.org 2019-04-10T21:46:28Z urn:sha1:23980249b8fc78eedcce66eb0cfa88b16512c917 Sync libarchive with vendor. Relevant vendor changes: PR #1153: fixed 2 bugs in ZIP reader [1] PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK Changes to file flags code, support more file flags on FreeBSD: UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM UF_ARCHIVE is not supported by intention (yet) PR: 236300 [1] 2019-02-28T22:57:09Z Martin Matuska mm@FreeBSD.org 2019-02-28T22:57:09Z urn:sha1:42efdf88683979406657ab3a59148e77537b000f MFC r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader MFC r344088: archive_read_disk_posix.c: initialize delayed_errno PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] 2018-12-21T23:33:28Z Martin Matuska mm@FreeBSD.org 2018-12-21T23:33:28Z urn:sha1:90e1fc4d10755c3a65dc160c5287cf9acf5716e4 Sync libarchive with vendor. Relevant vendor changes: PR #1013: Add missing h_base offset when performing absolute seeks in xar decompression PR #1023: Support extracting extattrs as non-root on non-user-writeable files PR #1061: Add support for extraction of RAR v5 archives PR #1066: Fix out of bounds read on empty string filename for gnutar, pax and v7tar PR #1067: Fix temporary file path buffer overflow in tests IS #1068: Correctly process and verify integer arguments passed to bsdcpio and bsdtar PR #1070: Don't default XAR entry atime/mtime to the current time PR #1080: Spelling fixes PR #1084: RAR5 reader bugfixes PR #1091: fix use-after-free in delayed newc link processing PR #1092: Fix a few obvious resource leaks and strcpy() misuses IS #1096: Support extracting ACLs with in-entry comments (GNU tar) PR #1102: RAR5 reader - fix big-endian problems PR #1105: Fix various crash, memory corruption and infinite loop conditions RAR5 reader: FreeBSD build platform fixes for powerpc(64), mips(64), sparc64 and riscv64 RAR5 reader: more maybe-uninitialized size_t fixes for riscv64 FreeBSD build 2018-02-03T02:17:25Z Martin Matuska mm@FreeBSD.org 2018-02-03T02:17:25Z urn:sha1:062b76cfdb3c534d227ab1141c3f34c381453c8d Sync libarchive with vendor. Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names PR #962: Don't modify attributes for existing directories when ARCHIVE_EXTRACT_NO_OVERWRITE is set PR #964: Fix -Werror=implicit-fallthrough= for GCC 7 PR #970: zip: Allow backslash as path separator