| #
bd66c1b4 |
| 20-Oct-2024 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch
Libarchive 3.7.7
Security fixes:
#2158 rpm: calculate huge header sizes correctly
#2160 util: fix out of boundary access in mktemp functions
#2168 uu: stop p
libarchive: merge from vendor branch
Libarchive 3.7.7
Security fixes:
#2158 rpm: calculate huge header sizes correctly
#2160 util: fix out of boundary access in mktemp functions
#2168 uu: stop processing if lines are too long
#2174 lzop: prevent integer overflow
#2172 rar4: protect copy_from_lzss_window_to_unp() (CVE-2024-20696)
#2175 unzip: unify EOF handling
#2179 rar4: fix out of boundary access with large files
#2203 rar4: fix OOB access with unicode filenames
#2210 rar4: add boundary checks to rgb filter
#2248 rar4: fix OOB in delta filter
#2249 rar4: fix OOB in audio filter
#2256 fix multiple vulnerabilities identified by SAST
#2258 cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing
#2265 rar5: clear 'data ready' cache on window buffer reallocs
#2269 rar4: fix CVE-2024-26256 (CVE-2024-26256)
#2330 iso: be more cautious about parsing ISO-9660 timestamps
#2343 tar: clean up linkpath between entries
#2364 tar: don't crash on truncated tar archives
#2366 gzip: prevent a hang when processing a malformed gzip inside a gzip
#2377 tar: fix two leaks in tar header parsing
Important bugfixes:
#2096 rar5: report encrypted entries
#2150 xar: fix another infinite loop and expat error handling
#2173 shar: check strdup return value
#2161 lha: fix integer truncation on 32-bit systems
#2338 tar: fix memory leaks when processing symlinks or parsing pax headers
#2245 7zip: fix issue when skipping first file in 7zip archive that
is a multiple of 65536 bytes
#2252 7-zip: read/write symlink paths as UTF-8
#2259 rar5: don't try to read rediculously long names
#2290 ar: fix archive entries having no type
#2360 tar: fix truncation of entry pathnames in specific archives
CVE: CVE-2024-20696, CVE-2024-26256
PR: 282047 (exp-run)
MFC after: 1 week
show more ...
|
|
Revision tags: release/13.4.0, release/14.1.0 |
|
| #
b9128a37 |
| 16-Apr-2024 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch
Libarchive 3.7.3
New features:
#1941 uudecode filter: support file name and file mode in raw mode
#1943 7-zip reader: translate Windows permissions into UNI
libarchive: merge from vendor branch
Libarchive 3.7.3
New features:
#1941 uudecode filter: support file name and file mode in raw mode
#1943 7-zip reader: translate Windows permissions into UNIX
permissions
#1962 zstd filter now supports the "long" write option
#2012 add trailing letter b to bsdtar(1) substitute pattern
#2031 PCRE2 support
#2054 add support for long options "--group" and "--owner" to tar(1)
Security fixes:
#2101 Fix possible vulnerability in tar error reporting introduced
in f27c173
Important bugfixes:
#1974 ISO9660: preserve the natural order of links
#2105 rar5: fix infinite loop if during rar5 decompression the last
block produced no data
#2027 xz filter: fix incorrect eof at the end of an lzip member
#2043 zip: fix end-of-data marker processing when decompressing zip
archives
PR: 278315 (exp-run)
MFC after: 1 week
show more ...
|
|
Revision tags: release/13.3.0, release/14.0.0, release/13.2.0, release/12.4.0, release/13.1.0, release/12.3.0, release/13.0.0, release/12.2.0, release/11.4.0, release/12.1.0, release/11.3.0, release/12.0.0, release/11.2.0 |
|
| #
a2a3407c |
| 24-Jan-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r328323,328324:
Sync libarchive with vendor.
Relevant vendor changes:
PR #893: delete dead ppmd7 alloc callbacks
PR #904: Fix archive freeing bug in bsdcat
PR #961: Fix ZIP format names
MFV r328323,328324:
Sync libarchive with vendor.
Relevant vendor changes:
PR #893: delete dead ppmd7 alloc callbacks
PR #904: Fix archive freeing bug in bsdcat
PR #961: Fix ZIP format names
PR #962: Don't modify attributes for existing directories
when ARCHIVE_EXTRACT_NO_OVERWRITE is set
PR #964: Fix -Werror=implicit-fallthrough= for GCC 7
PR #970: zip: Allow backslash as path separator
MFC after: 1 week
show more ...
|
| #
c2c014f2 |
| 07-Nov-2017 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Merge ^/head r323559 through r325504.
|
| #
d5db4328 |
| 01-Oct-2017 |
Enji Cooper <ngie@FreeBSD.org> |
MFhead@r324148
|
| #
5c831a5b |
| 01-Oct-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r324145,324147:
Sync libarchive with vendor.
Relevant vendor changes:
PR #905: Support for Zstandard read and write filters
PR #922: Avoid overflow when reading corrupt cpio archive
Issue
MFV r324145,324147:
Sync libarchive with vendor.
Relevant vendor changes:
PR #905: Support for Zstandard read and write filters
PR #922: Avoid overflow when reading corrupt cpio archive
Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166)
OSS-Fuzz 2936: Place a limit on the mtree line length
OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough
OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502)
MFC after: 1 week
Security: CVE-2017-14166, CVE-2017-14502
show more ...
|
|
Revision tags: release/10.4.0, release/11.1.0 |
|
| #
43f9e382 |
| 03-Apr-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r316454,316455:
Vendor changes (FreeBSD-related):
Report which extended attributes could not be restored
Update archive_read_disk.3 and archive_write_disk.3 manual pages
Plug memory leaks
MFV r316454,316455:
Vendor changes (FreeBSD-related):
Report which extended attributes could not be restored
Update archive_read_disk.3 and archive_write_disk.3 manual pages
Plug memory leaks in xattr tests.
MFC after: 1 week
show more ...
|
| #
e46d4714 |
| 24-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315875:
Sync libarchive with vendor.
Vendor changes (FreeBSD-related):
- store extended attributes with extattr_set_link() if no fd is provided
- add extended attribute tests to libarchive and
MFV r315875:
Sync libarchive with vendor.
Vendor changes (FreeBSD-related):
- store extended attributes with extattr_set_link() if no fd is provided
- add extended attribute tests to libarchive and bsdtar
- fix tar's test_option_acls
- support the UF_HIDDEN file flag
X-MFC with: 315636
show more ...
|
| #
4657548d |
| 20-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315633, 315635:
Sync libarchive with vendor
Vendor changes/bugfixes (FreeBSD-related):
PR 867 (bsdcpio): show numeric uid/gid when names are not found
PR 870 (seekable zip): accept files w
MFV r315633, 315635:
Sync libarchive with vendor
Vendor changes/bugfixes (FreeBSD-related):
PR 867 (bsdcpio): show numeric uid/gid when names are not found
PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers
PR 880 (pax): Fix handling of "size" pax header keyword
PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream
OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser
Break ACL read/write code into platform-specific source files
Unbreak static dependency on libbz2
MFC after: 1 week
show more ...
|
| #
64287048 |
| 02-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r314565,314567,314570:
Update libarchive to version 3.3.1 (and sync with latest vendor dist)
Notable vendor changes:
PR #501: improvements in ACL path handling
PR #724: fix hang when reading
MFV r314565,314567,314570:
Update libarchive to version 3.3.1 (and sync with latest vendor dist)
Notable vendor changes:
PR #501: improvements in ACL path handling
PR #724: fix hang when reading malformed cpio files
PR #864: fix out of bounds read with malformed GNU tar archives
Documentation, style, test suite improvements and typo fixes.
New options to bsdtar that enable or disable reading and/or writing of:
Access Control Lists (--acls, --no-acls)
Extended file flags (--fflags, --no-fflags)
Extended attributes (--xattrs, --no-xattrs)
Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata)
MFC after: 2 weeks
show more ...
|