| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
#2147 archive_string: clean up strncat_from_utf8_to_utf8 (36047967a)
#2153 archive_match: check archive_read_support_format_raw()
return value (0ce1b4c38)
#2154 archive_match: turn counter into flag (287e05d53)
#2155 lha: Do not allow negative file sizes (93b11caed)
#2156 tests: setenv LANG to en_US.UTF-8 in bsdunzip test_I.c (83e8b0ea8)
Obtained from: libarchive
Libarchive commit: 83e8b0ea8c3b07e07ac3dee90a8724565f8e53fd
|
| |
|
|
|
|
|
|
|
|
|
| |
#2148 fix: OOB in rar delta filter (a1cb648d5)
#2149 fix: OOB in rar audio filter (3006bc5d0)
#2150 xar: Fix another infinite loop and expat error handling (b910cb70d)
Obtained from: libarchive
Libarchive commits: b910cb70d4c1b311c9d85cd536a6c91647c43df7
a1cb648d52f5b6d3f31184d9b6a7cbca628459b7
3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Security fixes:
#2135 rar: Fix OOB in rar e8 filter (CVE-2024-26256)
#2145 zip: Fix out of boundary access
Important bugfixes:
#2131 7zip: Limit amount of properties
#2110 bsdtar: Fix error handling around strtol() usages
#2116 passphrase: Never allow empty passwords
#2124 rar: Fix "File CRC Error" when extracting specific rar4 archives
#2123 xar: Avoid infinite link loop
#2108 zip: Update AppleDouble support for directories
#2071 zstd: Implement core detection
Obained from: libarchive
Libarchive commit: 313aa1fa10b657de791e3202c168a6c833bc3543
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New features:
#1941 uudecode filter: support file name and file mode in raw mode
#1943 7-zip reader: translate Windows permissions into UNIX
permissions
#1962 zstd filter now supports the "long" write option
#2012 add trailing letter b to bsdtar(1) substitute pattern
#2031 PCRE2 support
#2054 add support for long options "--group" and "--owner" to tar(1)
Security fixes:
#2101 Fix possible vulnerability in tar error reporting introduced
in f27c173
Important bugfixes:
#1974 ISO9660: preserve the natural order of links
#2105 rar5: fix infinite loop if during rar5 decompression the last
block produced no data
#2027 xz filter: fix incorrect eof at the end of an lzip member
#2043 zip: fix end-of-data marker processing when decompressing zip
archives
Obtained from: libarchive
Libarchive commit: 4fcc02d906cca4b9e21a78a833f1142a2689ec52
|
| |
|
|
|
|
|
| |
Changes to not yet connected unzip command only.
Obtained from: libarchive
Libarchive commit: 1b4e0d0f9d445ba3e4d0c7db7ce0b30300572fe8
|
| |
|
|
|
|
|
| |
Changes to not yet connected unzip command only.
Obtained from: libarchive
Libarchive commit: 5c5a9f2b76ed51f060752b356c9e96ef3aee1baf
|
| |
|
|
|
|
|
| |
Changes to not yet connected unzip command only.
Obtained from: libarchive
Libarchive commit: 27ca5119f754d2d359a3cf4ac66c6672260a74d3
|
| |
|
|
|
|
|
|
|
|
|
| |
Important bugfixes (relevant to FreeBSD):
ISSUE #1934: stack buffer overflow in cpio verbose mode
ISSUE #1935: SEGV in cpio verbose mode
PR #1731 tar: respect --strip-components and -s patterns in cru modes
Obtained from: libarchive
Libarchive commit: 0e1e2b926aad81512a79a05c791b9dc7e0fa8715
Libarchive tag: v3.7.1
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Important changes (relevant to FreeBSD):
#1840 year 2038 fix for pax archives on platforms with 64-bit time_t
#1873 bsdunzip ported to libarchive from FreeBSD
#1894 read support for zstd compression in 7zip archives
#1918 ARM64 filter support in 7zip archives
Obtained from: libarchive
Libarchive commit: ee45796171324519f0c0bfd012018dd099296336
Libarchive tag: v3.7.0
|
| |
|
|
|
|
|
|
|
|
|
| |
Important changes (relevant to FreeBSD):
#1814 Do not account for NULL terminator when comparing with "TRAILER!!!"
#1818 Add ability to produce multi-frame zstd archives
#1860 Make single bit bitfields unsigned to avoid clang 16 warning
#1869 Fix FreeBSD builds with WARNS=6
Obtained from: libarchive
Libarchive commit: 1f3c62ebf4d492ac21d3099b3b064993100dd997
|
| |
|
|
|
|
|
|
|
|
|
| |
Important Bugfixes:
rar5 reader: fix possible garbled output with bsdtar -O (#1745)
mtree reader: support reading mtree files with tabs (#1783)
various small fixes for issues found by CodeQL
Obtained from: libarchive
Libarchive commit: ba80276ccc3c941c4918ec6e2460059f0c525c43
Libarcive tag: v3.6.2
|
| |
|
|
|
|
|
|
|
|
| |
Bugfixes:
PR #1549: archive_digest: check return value of EVP_DigestInit()
- Improves OpenSSL 3.0 support
Obtained from: libarchive
Libarchive commit: 6c3301111caa75c76e1b2acb1afb2d71341932ef
Libarcive tag: v3.6.1
|
| |
|
|
|
|
|
|
|
|
|
| |
Bugfixes:
IS #1685 and OSS-Fuzz #38764:
(ISO reader) fix possible heap buffer overflow in read_children()
IS #1715 and OSS-Fuzz #46279:
(RARv4 reader) fix heap-use-after-free in run_filters()
Obtained from: libarchive
Libarchive commit: db714553712debbc447383f735e022031dc13127
|
| |
|
|
|
|
|
|
|
|
|
| |
Bugfixes:
IS #1672 and OSS-Fuzz #38766:
(zip reader) fix possible out-of-bounds read in zipx_lzma_alone_init()
PR #1676: (mtree reader) remove the unused variable "detected_bytes"
PR #1674: (doc) fix use of At mdoc(7) macro in cpio.5
Obtained from: libarchive
Libarchive commit: cfaa28168a07ea4a53276b63068f94fce37d6aff
|
| |
|
|
|
|
|
|
|
| |
Bugfixes:
OSS-Fuzz #44843 (security):
RAR reader: fix null-dereference in RAR (v4) filter code
Obtained from: libarchive
Libarchive commit: 1271f775dc917798ad7d03c3b3bd66bacad03603
|
| |
|
|
|
|
|
|
|
|
|
| |
Bugfixes:
OSS-Fuzz #44547 (security):
fix heap-use-after-free in RAR (v4) filter code
PR #1671:
Fix 7z PPMD reading beyond boundary
Obtained from: libarchive
Libarchive commit: 72ce1ff7c6857a7334baa05884e69b9264a2199c
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Libarchive 3.6.0
New features:
PR #1614: tar: new option "--no-read-sparse"
PR #1503: RAR reader: filter support
PR #1585: RAR5 reader: self-extracting archive support
New features (not used in FreeBSD base):
PR #1567: tar: threads support for zstd (#1567)
PR #1518: ZIP reader: zstd decompression support
Security Fixes:
PR #1491, #1492, #1493, CVE-2021-36976:
fix invalid memory access and out of bounds read in RAR5 reader
PR #1566, #1618, CVE-2021-31566:
extended fix for following symlinks when processing the fixup list
Other notable bugfixes and improvements:
PR #1620: tar: respect "--ignore-zeros" in c, r and u modes
PR #1625: reduced size of application binaries
Obtained from: libarchive
Libarchive commit: 9147def1da7ad1bdd47b3559eb1bfeeb0e0f374b
Libarchive tag: v3.6.0
|
| |
|
|
|
|
|
|
| |
Reworked fix for upstream issue #1566:
Processing fixup entries may follow symbolic links
Obtained from: libarchive
Libarchive commit: 8a1bd5c18e896f0411a991240ce0d772bb02c840
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Libarchive 3.5.2
New features:
PR #1502: Support for PWB and v7 binary cpio formats
PR #1509: Support of deflate algorithm in symbolic link decompression
for ZIP archives
Important bugfixes:
IS #1044: fix extraction of hardlinks to symlinks
PR #1480: Fix truncation of size values during 7zip archive
extraction on 32bit architectures
PR #1504: fix rar header skiming
PR #1514: ZIP excessive disk read - fix location of central directory
PR #1520: fix double-free in CAB reader
PR #1521: Fixed leak of rar before ending with error
PR #1530: Handle short writes from archive_write_callback
PR #1532: 7zip: Use compression settings from file also for file header
IS #1566: do not follow symlinks when processing the fixup list
Obtained from: libarchive
Libarchive commit: 1b2c437b99b361c7692538fa373e99955e9b93ae
Libarchive tag: v3.5.2
|
| |
|
|
| |
Libarchive 3.5.1
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Vendor changes:
Issue #1461: Unbreak build without lzma
Issue #1462: warc reader: Fix build with gcc11
Issue #1463: Fix code compatibility in test_archive_read_support.c
Issue #1464: Use built-in strnlen on platforms where not available
Issue #1465: warc reader: fix undefined behaviour in deconst() function
Notes:
svn path=/vendor/libarchive/dist/; revision=368607
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Libarchive 3.5.0
Relevant vendor changes:
Issue #1258: add archive_read_support_filter_by_code()
PR #1347: mtree digest reader support
Issue #1381: skip hardlinks pointing to itself on extraction
PR #1387: fix writing of cpio archives with hardlinks without file type
PR #1388: fix rdev field in cpio format for device nodes
PR #1389: completed support for UTF-8 encoding conversion
PR #1405: more formats in archive_read_support_format_by_code()
PR #1408: fix uninitialized size in rar5_read_data
PR #1409: system extended attribute support
PR #1435: support for decompression of symbolic links in zipx archives
Issue #1456: memory leak after unsuccessful archive_write_open_filename
Notes:
svn path=/vendor/libarchive/dist/; revision=368207
svn path=/vendor/libarchive/3.5.0/; revision=368208; tag=vendor/libarchive/3.5.0
|
| |
|
|
|
|
|
|
| |
Two more cases of explicitly marking globals for internal linkage where they
need not be shared. Committed upstream as of a38e62314a1f.
Notes:
svn path=/vendor/libarchive/dist/; revision=365636
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Libarchive 3.4.3
Relevant vendor changes:
PR #1352: support negative zstd compression levels
PR #1359: improve zstd version checking
PR #1348: support RHT.security.selinux from GNU tar
PR #1357: support for archives compressed with pzstd
PR #1367: fix issues in acl tests
PR #1372: child handling cleanup
PR #1378: fix memory leak from passphrase callback
Notes:
svn path=/vendor/libarchive/dist/; revision=361280
svn path=/vendor/libarchive/3.4.3/; revision=361281; tag=vendor/libarchive/3.4.3
|
| |
|
|
|
|
|
|
| |
Relevant vendor changes:
Issue #1341: Safe writes: improve error handling
Notes:
svn path=/vendor/libarchive/dist/; revision=358532
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Relevant vendor changes:
Issue #1257: Add testcase for ZIPX files with LZMA_STREAM_END marker
PR #1331: cpio.5: fix hard link description
Issue #1335: archive_read.c: fix UBSan warning about undefined behavior
Issue #1338: XAR reader: fix UBSan warning about undefined behavior
Issue #1339: bsdcpio_test: fix datatype in from_hex()
Issue #1341: Safe writes: delete temporary file if rename fails
Notes:
svn path=/vendor/libarchive/dist/; revision=358511
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Libarchive 3.4.2
Relevant vendor changes:
PR #1289: atomic extraction support (bsdtar -x --safe-writes)
PR #1308: big endian fix for UTF16 support in LHA reader
PR #1326: reject RAR5 files that declare invalid header flags
Issue #987: fix support 7z archive entries with Delta filter
Issue #1317: fix compression output buffer handling in XAR writer
Issue #1319: fix uname or gname longer than 32 characters in pax writer
Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR
Use localtime_r() and gmtime_r() instead of localtime() and gmtime()
Notes:
svn path=/vendor/libarchive/dist/; revision=357783
svn path=/vendor/libarchive/3.4.2/; revision=357784; tag=vendor/libarchive/3.4.2
|
| |
|
|
|
|
|
|
| |
Relevant vendor changes:
Issue #1302: Re-do fix for archive_write_client_open()
Notes:
svn path=/vendor/libarchive/dist/; revision=356415
|
| |
|
|
|
|
|
|
| |
Relevant vendor changes:
Issue #1302: Plug memory leak on failure of archive_write_client_open()
Notes:
svn path=/vendor/libarchive/dist/; revision=356365
|
| |
|
|
|
|
|
|
| |
Libarchive 3.4.1
Notes:
svn path=/vendor/libarchive/dist/; revision=356197
svn path=/vendor/libarchive/3.4.1/; revision=356198; tag=vendor/libarchive/3.4.1
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Relevant vendor changes:
Issue #351: Refactor and implement private state logic for write filters
PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482)
PR #1255: zip writer - don't append unused NUL for directories
PR #1260: Fix sparse file offset overflow on 32-bit systems
PR #1263: UNICODE filename support for reading lha/lzh format
Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs()
PR #1288: Add the "xattrhdr" option to pax write options
PR #1295: 7z reader - fix reading archives with digests in PackInfo
PR #1296: RAR5 reader - verify window size for multivolume archives
PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files
Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs()
OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error
Fix possible off-by-one when dealing with readlink(2)
Notes:
svn path=/vendor/libarchive/dist/; revision=356163
|
| |
|
|
|
|
|
|
|
|
| |
Relevant vendor changes:
Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c
PR #1249: Correct some typographical and grammatical errors.
PR #1250: Minor corrections to the formatting of manual pages
Notes:
svn path=/vendor/libarchive/dist/; revision=352731
|
| |
|
|
|
|
|
|
|
|
| |
Relevant vendor changes:
PR #1217: RAR5 reader - fix ARM filter going beyond window buffer boundary
(OSS-Fuzz 15431)
PR #1218: Fixes to sparse file handling
Notes:
svn path=/vendor/libarchive/dist/; revision=349454
|
| |
|
|
|
|
|
|
|
|
|
| |
Relevant vendor changes:
PR #1212: RAR5 reader - window_mask was not updated correctly
(OSS-Fuzz 15278)
OSS-Fuzz 15120: RAR reader - extend use after free bugfix
Add HAVE_UNLINKAT to config_freebsd.h
Notes:
svn path=/vendor/libarchive/dist/; revision=349134
|
| |
|
|
|
|
|
| |
- cosmetic changes only
Notes:
svn path=/vendor/libarchive/dist/; revision=348977
|
| |
|
|
|
|
|
|
|
|
|
| |
Relevant vendor changes (release 3.4.0):
- check_symlinks_fsobj() without chdir() and fchdir()
- bsdtar.1 manpage fixes
- patches from OpenBSD to libarchive_fe/passphrase.c
Notes:
svn path=/vendor/libarchive/dist/; revision=348971
svn path=/vendor/libarchive/3.4.0/; revision=348973; tag=vendor/libarchive/3.4.0
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Relevant vendor changes:
Issue #795: XAR - do not try to add xattrs without an allocated name
PR #812: non-recursive option for extract and list
PR #958: support reading metadata from compressed files
PR #999: add --exclude-vcs option to bsdtar
Issue #1062: treat empty archives with a GNU volume header as valid
PR #1074: Handle ZIP files with trailing 0s in the extra fields
(Android APK archives)
PR #1109: Ignore padding in Zip extra field data (Android APK archives)
PR #1167: fix problems related to unreadable directories
Issue #1168: fix handling of strtol() and strtoul()
PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter
PR #1174: ZIP reader - fix of MSZIP signature parsing
PR #1175: gzip filter - fix reading files larger than 4GB from memory
PR #1177: gzip filter - fix memory leak with repeated header reads
PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field
PR #1181: RAR5 - fix merge_block() recursion
(OSS-Fuzz 12999, 13029, 13144, 13478, 13490)
PR #1183: fix memory leak when decompressing ZIP files with LZMA
PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817
OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables
OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations
OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables
PR #1186: RAR5 - fix invalid type used for dictionary size mask
(OSS-Fuzz 14537)
PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555)
PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories
(OSS-Fuzz 14574)
PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds
OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry
OSS-Fuzz 14331: RAR5 - fix maximum owner name length
OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check
Additional RAR5 reader changes:
- support symlinks, hardlinks, file owner, file group, versioned files
- change ARCHIVE_FORMAT_RAR_V5 to 0x100000
- set correct mode for readonly directories
- support readonly, hidden and system Windows file attributes
NOTE: a version bump of libarchive will happen in the following days
Notes:
svn path=/vendor/libarchive/dist/; revision=347989
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Relevant vendor changes:
PR #1153: fixed 2 bugs in ZIP reader
PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK
Changes to file flags code, support more file flags on FreeBSD:
UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM
UF_ARCHIVE is not supported by intention (yet)
Notes:
svn path=/vendor/libarchive/dist/; revision=345495
|
| |
|
|
|
|
|
| |
archive_read_disk_posix.c: initialize delayed_errno
Notes:
svn path=/vendor/libarchive/dist/; revision=344088
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Relevant vendor changes:
PR #1085: Fix a null pointer dereference bug in zip writer
PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2
decopmpression
PR #1116: Add support for 64-bit ar format
PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2]
PR #1125: RAR5 reader - fix an invalid read and a memory leak
PR #1131: POSIX reader - do not fail when tree_current_lstat() fails
due to ENOENT [3]
PR #1134: Delete unnecessary null pointer checks before calls of free()
OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy.
OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader
PR: 233006 [3]
Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2]
Notes:
svn path=/vendor/libarchive/dist/; revision=344063
|
| |
|
|
|
|
|
|
| |
Relevant vendor changes:
PR #1105: Fix various crash, memory corruption and infinite loop conditions
Notes:
svn path=/vendor/libarchive/dist/; revision=342041
|
| |
|
|
|
|
|
|
| |
Relevant vendor changes:
PR #1107: RAR5 reader: removed an unused function: bf_is_last_block
Notes:
svn path=/vendor/libarchive/dist/; revision=342040
|
| |
|
|
|
|
|
|
| |
Relevant vendor changes:
PR #1102: RAR5 reader - fix big-endian problems
Notes:
svn path=/vendor/libarchive/dist/; revision=341771
|
| |
|
|
|
|
|
|
|
| |
Relevant vendor changes:
Issue #1096: Support extracting ACLs with in-entry comments (GNU tar)
PR #1023: Support extracting extattrs as non-root on non-user-writable files
Notes:
svn path=/vendor/libarchive/dist/; revision=340938
|
| |
|
|
|
|
|
|
|
|
|
| |
Relevant vendor changes:
PR #1080: Spelling fixes
PR #1084: RAR5 reader bugfixes
PR #1091: fix use-after-free in delayed newc link processing
PR #1092: Fix a few obvious resource leaks and strcpy() misuses
Notes:
svn path=/vendor/libarchive/dist/; revision=340865
|
| |
|
|
|
|
|
|
|
| |
Relevant vendor changes:
RAR5 reader: more maybe-uninitialized size_t fixes for riscv64
FreeBSD build
Notes:
svn path=/vendor/libarchive/dist/; revision=339792
|
| |
|
|
|
|
|
|
|
| |
Relevant vendor changes:
RAR5 reader: FreeBSD build platform fixes for powerpc(64), mips(64),
sparc64 and riscv64
Notes:
svn path=/vendor/libarchive/dist/; revision=339750
|
| |
|
|
|
|
|
|
| |
Relevant ventor changes:
RAR5 reader: comment out unused constant
Notes:
svn path=/vendor/libarchive/dist/; revision=339644
|
| |
|
|
|
|
|
|
| |
Relevant ventor changes:
RAR5 reader: declare some constants static
Notes:
svn path=/vendor/libarchive/dist/; revision=339641
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Relevant vendor changes:
PR #1013: Add missing h_base offset when performing absolute seeks in
xar decompression
PR #1061: Add support for extraction of RAR v5 archives
PR #1066: Fix out of bounds read on empty string filename for gnutar, pax
and v7tar
PR #1067: Fix temporary file path buffer overflow in tests
IS #1068: Correctly process and verify integer arguments passed to
bsdcpio and bsdtar
PR #1070: Don't default XAR entry atime/mtime to the current time
Notes:
svn path=/vendor/libarchive/dist/; revision=339640
|
