Martin Matuska [Sun, 13 Dec 2020 15:29:19 +0000 (15:29 +0000)]
Update vendor/libarchive/dist to
b2c3ee7e2907511533eeb2a0f2ceecc1faa73185
Vendor changes:
Issue #1461: Unbreak build without lzma
Issue #1462: warc reader: Fix build with gcc11
Issue #1463: Fix code compatibility in test_archive_read_support.c
Issue #1464: Use built-in strnlen on platforms where not available
Issue #1465: warc reader: fix undefined behaviour in deconst() function
Martin Matuska [Tue, 1 Dec 2020 10:36:46 +0000 (10:36 +0000)]
Update vendor/libarchive/dist to git
833821f55b1807cac22a63a58b759a7802df2fb7
Libarchive 3.5.0
Relevant vendor changes:
Issue #1258: add archive_read_support_filter_by_code()
PR #1347: mtree digest reader support
Issue #1381: skip hardlinks pointing to itself on extraction
PR #1387: fix writing of cpio archives with hardlinks without file type
PR #1388: fix rdev field in cpio format for device nodes
PR #1389: completed support for UTF-8 encoding conversion
PR #1405: more formats in archive_read_support_format_by_code()
PR #1408: fix uninitialized size in rar5_read_data
PR #1409: system extended attribute support
PR #1435: support for decompression of symbolic links in zipx archives
Issue #1456: memory leak after unsuccessful archive_write_open_filename
Kyle Evans [Fri, 11 Sep 2020 16:12:48 +0000 (16:12 +0000)]
libarchive: import fix for WARNS=6 builds in testing bits
Two more cases of explicitly marking globals for internal linkage where they
need not be shared. Committed upstream as of
a38e62314a1f.
Martin Matuska [Wed, 20 May 2020 16:13:02 +0000 (16:13 +0000)]
Update vendor/libarchive/dist to git
fc6563f5130d8a7ee1fc27c0e55baef35119f26c
Libarchive 3.4.3
Relevant vendor changes:
PR #1352: support negative zstd compression levels
PR #1359: improve zstd version checking
PR #1348: support RHT.security.selinux from GNU tar
PR #1357: support for archives compressed with pzstd
PR #1367: fix issues in acl tests
PR #1372: child handling cleanup
PR #1378: fix memory leak from passphrase callback
Martin Matuska [Mon, 2 Mar 2020 08:30:59 +0000 (08:30 +0000)]
Update vendor/libarchive/dist to git
f001f3b0e6a66a7eb989ed3783791c0316831202
Relevant vendor changes:
Issue #1341: Safe writes: improve error handling
Martin Matuska [Mon, 2 Mar 2020 02:12:53 +0000 (02:12 +0000)]
Update vendor/libarchive/dist to git
85b9f665b6a2d4397fdd38992152d011265e374b
Relevant vendor changes:
Issue #1257: Add testcase for ZIPX files with LZMA_STREAM_END marker
PR #1331: cpio.5: fix hard link description
Issue #1335: archive_read.c: fix UBSan warning about undefined behavior
Issue #1338: XAR reader: fix UBSan warning about undefined behavior
Issue #1339: bsdcpio_test: fix datatype in from_hex()
Issue #1341: Safe writes: delete temporary file if rename fails
Martin Matuska [Tue, 11 Feb 2020 23:48:03 +0000 (23:48 +0000)]
Update vendor/libarchive/dist to git
3288ebb0353beb51dfb09d444dedbe9235ead53d
Libarchive 3.4.2
Relevant vendor changes:
PR #1289: atomic extraction support (bsdtar -x --safe-writes)
PR #1308: big endian fix for UTF16 support in LHA reader
PR #1326: reject RAR5 files that declare invalid header flags
Issue #987: fix support 7z archive entries with Delta filter
Issue #1317: fix compression output buffer handling in XAR writer
Issue #1319: fix uname or gname longer than 32 characters in pax writer
Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR
Use localtime_r() and gmtime_r() instead of localtime() and gmtime()
Martin Matuska [Mon, 6 Jan 2020 13:13:58 +0000 (13:13 +0000)]
Update vendor/libarchive/dist to git
3f1bad815d02160ab27f7063257aed4b25dbaebe
Relevant vendor changes:
Issue #1302: Re-do fix for archive_write_client_open()
Martin Matuska [Sun, 5 Jan 2020 01:30:41 +0000 (01:30 +0000)]
Update vendor/libarchive/dist to git
5e270715b51d199467195b56f77e21cb8bb1d642
Relevant vendor changes:
Issue #1302: Plug memory leak on failure of archive_write_client_open()
Martin Matuska [Mon, 30 Dec 2019 02:39:14 +0000 (02:39 +0000)]
Update vendor/libarchive/dist to
cce09646b566c61c2debff58a70da780b8457883
Libarchive 3.4.1
Martin Matuska [Sat, 28 Dec 2019 23:40:32 +0000 (23:40 +0000)]
Update vendor/libarchive/dist to git
1dae5a549fe4ab99fd3a49a9edcf897a7b2b1844
Relevant vendor changes:
Issue #351: Refactor and implement private state logic for write filters
PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482)
PR #1255: zip writer - don't append unused NUL for directories
PR #1260: Fix sparse file offset overflow on 32-bit systems
PR #1263: UNICODE filename support for reading lha/lzh format
Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs()
PR #1288: Add the "xattrhdr" option to pax write options
PR #1295: 7z reader - fix reading archives with digests in PackInfo
PR #1296: RAR5 reader - verify window size for multivolume archives
PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files
Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs()
OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error
Fix possible off-by-one when dealing with readlink(2)
Martin Matuska [Thu, 26 Sep 2019 01:42:09 +0000 (01:42 +0000)]
Update vendor/libarchive/dist to git
2f3033ca23f8c21160506c3c7ac8a0df0d3fde42
Relevant vendor changes:
Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c
PR #1249: Correct some typographical and grammatical errors.
PR #1250: Minor corrections to the formatting of manual pages
Martin Matuska [Thu, 27 Jun 2019 13:37:34 +0000 (13:37 +0000)]
Update vendor/libarchive/dist to git
d6d3799d6b309593f271c4c319dfba92efc95772
Relevant vendor changes:
PR #1217: RAR5 reader - fix ARM filter going beyond window buffer boundary
(OSS-Fuzz 15431)
PR #1218: Fixes to sparse file handling
Martin Matuska [Mon, 17 Jun 2019 11:29:32 +0000 (11:29 +0000)]
Update vendor/libarchive/dist to git
809f0dc32fff7434aef45a7c688fa285c7208af7
Relevant vendor changes:
PR #1212: RAR5 reader - window_mask was not updated correctly
(OSS-Fuzz 15278)
OSS-Fuzz 15120: RAR reader - extend use after free bugfix
Add HAVE_UNLINKAT to config_freebsd.h
Martin Matuska [Tue, 11 Jun 2019 23:43:29 +0000 (23:43 +0000)]
Update vendor/libarchive/dist to git
91b5c59ada211293bd3d9fd6e803ebfc07085c04
- cosmetic changes only
Martin Matuska [Tue, 11 Jun 2019 23:16:13 +0000 (23:16 +0000)]
Update vendor/libarchive/dist to git
614110e76d9dbb9ed3e159a71cbd75fa3b23efe3
Relevant vendor changes (release 3.4.0):
- check_symlinks_fsobj() without chdir() and fchdir()
- bsdtar.1 manpage fixes
- patches from OpenBSD to libarchive_fe/passphrase.c
Martin Matuska [Mon, 20 May 2019 12:32:00 +0000 (12:32 +0000)]
Update vendor/libarchive/dist to git
b5818e39e128eca4951e2ab10467d4d850a2ba57
Relevant vendor changes:
Issue #795: XAR - do not try to add xattrs without an allocated name
PR #812: non-recursive option for extract and list
PR #958: support reading metadata from compressed files
PR #999: add --exclude-vcs option to bsdtar
Issue #1062: treat empty archives with a GNU volume header as valid
PR #1074: Handle ZIP files with trailing 0s in the extra fields
(Android APK archives)
PR #1109: Ignore padding in Zip extra field data (Android APK archives)
PR #1167: fix problems related to unreadable directories
Issue #1168: fix handling of strtol() and strtoul()
PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter
PR #1174: ZIP reader - fix of MSZIP signature parsing
PR #1175: gzip filter - fix reading files larger than 4GB from memory
PR #1177: gzip filter - fix memory leak with repeated header reads
PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field
PR #1181: RAR5 - fix merge_block() recursion
(OSS-Fuzz 12999, 13029, 13144, 13478, 13490)
PR #1183: fix memory leak when decompressing ZIP files with LZMA
PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817
OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables
OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations
OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables
PR #1186: RAR5 - fix invalid type used for dictionary size mask
(OSS-Fuzz 14537)
PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555)
PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories
(OSS-Fuzz 14574)
PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds
OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry
OSS-Fuzz 14331: RAR5 - fix maximum owner name length
OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check
Additional RAR5 reader changes:
- support symlinks, hardlinks, file owner, file group, versioned files
- change ARCHIVE_FORMAT_RAR_V5 to 0x100000
- set correct mode for readonly directories
- support readonly, hidden and system Windows file attributes
NOTE: a version bump of libarchive will happen in the following days
Martin Matuska [Mon, 25 Mar 2019 11:39:49 +0000 (11:39 +0000)]
Update vendor/libarchive/dist to git
3c079320b23ddf5ef38c443569c25898ad79ddb9
Relevant vendor changes:
PR #1153: fixed 2 bugs in ZIP reader
PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK
Changes to file flags code, support more file flags on FreeBSD:
UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM
UF_ARCHIVE is not supported by intention (yet)
Martin Matuska [Wed, 13 Feb 2019 07:35:18 +0000 (07:35 +0000)]
Update vendor/libarchive/dist to git
3532bc32819b14bfd8a3a5e3d3554ce14d939940
archive_read_disk_posix.c: initialize delayed_errno
Martin Matuska [Tue, 12 Feb 2019 22:29:41 +0000 (22:29 +0000)]
Update vendor/libarchive/dist to git
31c0a517c91f44eeee717a04db8b075cadda83d8
Relevant vendor changes:
PR #1085: Fix a null pointer dereference bug in zip writer
PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2
decopmpression
PR #1116: Add support for 64-bit ar format
PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2]
PR #1125: RAR5 reader - fix an invalid read and a memory leak
PR #1131: POSIX reader - do not fail when tree_current_lstat() fails
due to ENOENT [3]
PR #1134: Delete unnecessary null pointer checks before calls of free()
OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy.
OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader
PR: 233006 [3]
Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2]
Martin Matuska [Thu, 13 Dec 2018 11:15:14 +0000 (11:15 +0000)]
Update vendor/libarchive/dist to git
cef97307a3f681fcbb2cc02db6df3619a3f8b69c
Relevant vendor changes:
PR #1105: Fix various crash, memory corruption and infinite loop conditions
Martin Matuska [Thu, 13 Dec 2018 11:04:59 +0000 (11:04 +0000)]
Update vendor/libarchive/dist to git
7d6da880ae3e379d463137510bb4e8c65b6bfb36
Relevant vendor changes:
PR #1107: RAR5 reader: removed an unused function: bf_is_last_block
Martin Matuska [Sun, 9 Dec 2018 22:42:22 +0000 (22:42 +0000)]
Update vendor/libarchive/dist to git
851adb9602f1acdb090067bb4f297cd609dfa28c
Relevant vendor changes:
PR #1102: RAR5 reader - fix big-endian problems
Martin Matuska [Mon, 26 Nov 2018 11:01:51 +0000 (11:01 +0000)]
Update vendor/libarchive/dist to git
2c5e9bdbb62eeb56a37776f796c15ed16727193e
Relevant vendor changes:
Issue #1096: Support extracting ACLs with in-entry comments (GNU tar)
PR #1023: Support extracting extattrs as non-root on non-user-writable files
Martin Matuska [Sat, 24 Nov 2018 01:15:08 +0000 (01:15 +0000)]
Update vendor/libarchive/dist to git
0e416f2fe757ad6841dbb3386a17d88b5c9f5533
Relevant vendor changes:
PR #1080: Spelling fixes
PR #1084: RAR5 reader bugfixes
PR #1091: fix use-after-free in delayed newc link processing
PR #1092: Fix a few obvious resource leaks and strcpy() misuses
Martin Matuska [Fri, 26 Oct 2018 21:15:36 +0000 (21:15 +0000)]
Update vendor/libarchive/dist to git
d661131393def793a9919d1e3fd54c9992888bd6
Relevant vendor changes:
RAR5 reader: more maybe-uninitialized size_t fixes for riscv64
FreeBSD build
Martin Matuska [Thu, 25 Oct 2018 23:10:06 +0000 (23:10 +0000)]
Update vendor/libarchive/dist to git
1266f6d281a6d7c6604a8c14cdad14dc83ea4b88
Relevant vendor changes:
RAR5 reader: FreeBSD build platform fixes for powerpc(64), mips(64),
sparc64 and riscv64
Martin Matuska [Tue, 23 Oct 2018 12:54:17 +0000 (12:54 +0000)]
Update vendor/libarchive/dist to git
b1dc8bb16e192d71442a94fdcd0096ba9e2946b4
Relevant ventor changes:
RAR5 reader: comment out unused constant
Martin Matuska [Tue, 23 Oct 2018 11:34:15 +0000 (11:34 +0000)]
Update vendor/libarchive/dist to git
58ae9e02093aa47dc6eb27a66d4e95b05e9e672e
Relevant ventor changes:
RAR5 reader: declare some constants static
Martin Matuska [Tue, 23 Oct 2018 10:58:07 +0000 (10:58 +0000)]
Update vendor/libarchive/dist to git
d5f35a90a4cb1eeb918213bff9d78e8b0471dc0a
Relevant vendor changes:
PR #1013: Add missing h_base offset when performing absolute seeks in
xar decompression
PR #1061: Add support for extraction of RAR v5 archives
PR #1066: Fix out of bounds read on empty string filename for gnutar, pax
and v7tar
PR #1067: Fix temporary file path buffer overflow in tests
IS #1068: Correctly process and verify integer arguments passed to
bsdcpio and bsdtar
PR #1070: Don't default XAR entry atime/mtime to the current time
Martin Matuska [Wed, 19 Sep 2018 10:26:45 +0000 (10:26 +0000)]
Update vendor/libarchive/dist to git
0cda60af13e709e670af90553b2271bf194e7ccd
Relevant vendor changes:
PR #1019: Add allocation check for the zip_entry struct
Oss-Fuzz #10192: Handle whitespace-only ACL fields correctly
Martin Matuska [Fri, 7 Sep 2018 00:11:43 +0000 (00:11 +0000)]
Update vendor/libarchive/dist to git
5fe69dd018745a88eecf1f7db40daf12d26f7ed0
libarchive 3.3.3
Martin Matuska [Tue, 14 Aug 2018 11:37:03 +0000 (11:37 +0000)]
Update vendor/libarchive/dist to git
e6da40adb8ce566d906791b2a4083348bdd1e532
Important vendor changes:
PR #1042: validate iso9660 directory record length
Security: CVE-2017-14501
Martin Matuska [Sat, 28 Jul 2018 23:47:22 +0000 (23:47 +0000)]
Update vendor/libarchive/dist to git
2c8c83b9731ff822fad6cc8c670ea5519c366a14
Important vendor changes:
PR #993: Chdir to -C directory for metalog processing
OSS-Fuzz #4969: Check size of the extended time field in zip archives
PR #973: Record informational compression level in gzip header
Conrad Meyer [Sat, 28 Jul 2018 00:55:57 +0000 (00:55 +0000)]
libarchive: Cherry-pick upstream
2c8c83b9
Relevant vendor changes:
Fix issue #948: out-of-bounds read in lha_read_data_none()
admbugs: 877
Security: CVE-2017-14503
Martin Matuska [Wed, 24 Jan 2018 11:03:18 +0000 (11:03 +0000)]
vendor/libarchive/dist: Add new files missing in r328323
Martin Matuska [Wed, 24 Jan 2018 11:01:12 +0000 (11:01 +0000)]
Update libarchive to git
2d9156bb3ad92c43c1e81546f4a2c21549ba248f
Relevant vendor changes:
PR #893: delete dead ppmd7 alloc callbacks
PR #904: Fix archive freeing bug in bsdcat
PR #961: Fix ZIP format names
PR #962: Don't modify attributes for existing directories
when ARCHIVE_EXTRACT_NO_OVERWRITE is set
PR #964: Fix -Werror=implicit-fallthrough= for GCC 7
PR #970: zip: Allow backslash as path separator
Martin Matuska [Sun, 1 Oct 2017 00:26:06 +0000 (00:26 +0000)]
Update libarchive to git
47636913968b0b0dbde770f4234930e84de0e37c
Relevant vendor changes:
Tar manpage fix
Martin Matuska [Sat, 30 Sep 2017 23:33:19 +0000 (23:33 +0000)]
Update vendor/libarchive to git
92366744a52f3fa83c3899e375e415a5080a05f2
Relevant vendor changes:
PR #905: Support for Zstandard read and write filters
PR #922: Avoid overflow when reading corrupt cpio archive
Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166)
OSS-Fuzz 2936: Place a limit on the mtree line length
OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough
OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502)
Security: CVE-2017-14166, CVE-2017-14502
Martin Matuska [Fri, 28 Jul 2017 23:51:08 +0000 (23:51 +0000)]
Update vendor/libarchive to git
de20494ba2a4fcff8b56010faa75467ad8d5a40b
Relevant vendor changes:
PR #926: ensure ar strtab is null terminated
Martin Matuska [Fri, 28 Jul 2017 23:48:51 +0000 (23:48 +0000)]
Update vendor/libarchive to git
347ac2b6adfd4bca7418d30d7278d5343fc6e25e
libarchive 3.3.3dev
Martin Matuska [Thu, 13 Jul 2017 00:16:51 +0000 (00:16 +0000)]
Update vendor/libarchive to git
98a695399e8e7420635a5448aecde8b0a82fb83a
Release 3.3.2
Vendor changes:
PR #901: don't depend on stdin in a testcase
Martin Matuska [Thu, 11 May 2017 11:13:02 +0000 (11:13 +0000)]
Update vendor/libarchive to git
f2230fcaed3159d10caed63d9a20caa9fdc94c62
Vendor fixes:
#909: Fix use after free in cpio test_option_lz4
Reported by: Coverity (ngie@)
Martin Matuska [Wed, 3 May 2017 23:55:12 +0000 (23:55 +0000)]
Update vendor/libarchive to git
c253f0aae9ac86a617b4f814137e07757df72391
Vendor changes (FreeBSD-related):
PR 897: test for ZIP archives with invalid EOCD headers
PR 901: fix invalid renaming of sparse files
OSS-Fuzz issue 497: remove fallback tree in LZX decoder
OSS-Fuzz issue 527: rewrite expressions in lz4 filter
OSS-Fuzz issue 577: fix integer overflow in cpio reader
OSS-Fuzz issue 862: fix numerc parsing in mtree reader
OSS-Fuzz issue 1097: fix undefined shift in rar reader
cpio: various optimizations and memory leak fixes
Martin Matuska [Mon, 3 Apr 2017 12:22:55 +0000 (12:22 +0000)]
Update vendor/libarchive to git
500a62194a1faafaffd286f6da50633e86587f3c
Vendor changes (FreeBSD-related):
Plug memory leaks in xattr tests.
Martin Matuska [Mon, 3 Apr 2017 11:46:32 +0000 (11:46 +0000)]
Update vendor/libarchive to git
e9eef34719c4bc8cfa2e3cc568eae7afe763a2c3
Vendor changes (FreeBSD-related):
Report which extended attributes could not be restored
Update archive_read_disk.3 and archive_write_disk.3 manual pages
Martin Matuska [Tue, 28 Mar 2017 10:34:44 +0000 (10:34 +0000)]
Update vendor/libarchive to git
a04b5adede4022dd593af76cb2fc2e96cb34df91
Vendor changes (FreeBSD-related):
- add missing file from previous merge
- encapsulate platform ACL code in an #ifdef
Martin Matuska [Tue, 28 Mar 2017 09:58:54 +0000 (09:58 +0000)]
Update vendor/libarchive to git
13b0ed2ba504389c363cd302041fe10afa1837ad
Vendor changes (FreeBSD-related):
- constify variables in several places
- unify platform ACL code in a single source file
- fix unused variable if compiling on FreeBSD without NFSv4 ACL support
Martin Matuska [Thu, 23 Mar 2017 23:44:31 +0000 (23:44 +0000)]
Update vendor/libarchive to git
e92cb619661b5b52da63867305442e22892a503d
Vendor changes (FreeBSD-related):
- store extended attributes with extattr_set_link() if no fd is provided
- add extended attribute tests to libarchive and bsdtar
- support the UF_HIDDEN file flag
Martin Matuska [Mon, 20 Mar 2017 11:55:03 +0000 (11:55 +0000)]
Update vendor/libarchive to git
3e37a9e051bb7674115ca1e262551a070a92283a
Vendor changes:
Fix type in archive_read_open(3)
Always use extern keyword for shared constants in archive_acl_maps.h
Martin Matuska [Mon, 20 Mar 2017 11:12:31 +0000 (11:12 +0000)]
Update vendor/libarchive to git
5881c9021a85668bd945593f5ba43a0d22c53d71
Vendor changes (FreeBSD-related):
Break ACL read/write code into platform-specific source files
Vendor bugfixes (FreeBSD-related):
PR 867 (bsdcpio): show numeric uid/gid when names are not found
PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers
PR 880 (pax): Fix handling of "size" pax header keyword
PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream
OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser
Unbreak static dependency on libbz2
Martin Matuska [Thu, 2 Mar 2017 22:46:03 +0000 (22:46 +0000)]
Update vendor/libarchive to git
f4b9b3fe89b4acfef5e3a2283d3bc542315ddb57
Fixes for test_options_fflags tar test
Martin Matuska [Thu, 2 Mar 2017 21:13:25 +0000 (21:13 +0000)]
Update vendor/libarchive to git
a15c7f7b496ba4cefbcaf6f8ac637db4f3009a58
Documentation, style, test suite changes and typo fixes.
New bsdtar tests for --acls and --fflags options.
Martin Matuska [Thu, 2 Mar 2017 21:02:17 +0000 (21:02 +0000)]
Update vendor/libarchive to git
d6b1bb9f7ea7bc153b7356e8e345c9e48005821a
Release 3.3.1
Notable vendor changes:
PR #501: improvements in ACL path handling
PR #724: fix hang when reading malformed cpio files
PR #864: fix out of bounds read with malformed GNU tar archives
Test suite improvements
New options to bsdtar that enable or disable reading and/or writing of:
Access Control Lists (--acls, --no-acls)
Extended file flags (--fflags, --no-fflags)
Extended attributes (--xattrs, --no-xattrs)
Martin Matuska [Wed, 15 Feb 2017 20:00:36 +0000 (20:00 +0000)]
Update vendor/libarchive to git
0edabbad1f44641c64fe9d0cbaed27ed93ab38c2
Vendor changes:
Make SCHILY.acl.ace header more compact (NFSv4 ACLs)
Vendor bugfixes:
zip reader integer parsing fix (OSS-Fuzz 556)
spelling fixes (issue #863)
Martin Matuska [Fri, 10 Feb 2017 23:12:38 +0000 (23:12 +0000)]
Update vendor/libarchive to git
b3bd0b81a1a06909f766dea8be4072ef81de62b8
Vendor bugfixes:
cpio reader sanity fix (OSS-Fuzz 504)
WARC reader sanity fixes (OSS-Fuzz 511, 526, 532, 552)
mtree reader time parsing fix (OSS-Fuzz 538)
XAR reader memleak fix (OSS-Fuzz 551)
Martin Matuska [Thu, 2 Feb 2017 00:20:18 +0000 (00:20 +0000)]
Update vendor/libarchive to git
d77b577b2d5aa259fca06313c4940e1e61ab1e0e
Vendor changes (relevant to FreeBSD):
- bugfixes, improvemens and optimizations in ACL code
- NFSv4 ACLs can now be extracted from Solaris tar archives
Security fixes:
- cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335)
- LHA reader: heap-buffer-overflow in lha_read_file_header_1() (CVE-2017-5601)
- LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream()
(OSS-Fuzz 453)
- mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443)
- WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458)
Memory leak fixes:
- ACL support: free memory allocated by acl_get_qualifier()
- disk writer: missing free in create_filesystem_object()
- file reader: fd leak (Coverity 1016755)
- gnutar writer: fix free in archive_write_gnutar_header() (Coverity 1016752)
- iso 9660 reader: missing free in parse_file_info() (part. Coverity 1016754)
- program reader: missing free in __archive_read_program()
- program writer: missing free in __archive_write_program_free()
- xar reader: missing free in xar_cleanup()
- xar reader: missing frees in expat_xmlattr_setup() (Coverity 1229979-1229981)
- xar writer: missing free in file_free()
- zip reader: missing free in zip_read_locazip_read_local_file_header()
Martin Matuska [Tue, 10 Jan 2017 21:18:32 +0000 (21:18 +0000)]
Update vendor/libarchive to git
22f2d190639e6bd496a3b82f70c01fba0d38b40a
Vendor changes:
#691: Support for SCHILY.xattr extended attributes
#854: Spelling fixes
Multiple fixes in ACL code:
- prefer acl_set_fd_np() to acl_set_fd()
- if acl_set_fd_np() fails, do no fallback to acl_set_file()
- do not warn if trying to write ACLs to a filesystem without ACL support
- fix id handling in archive_acl_(from_to)_text*() for NFSv4 ACLs
Martin Matuska [Fri, 30 Dec 2016 23:00:00 +0000 (23:00 +0000)]
Update vendor/libarchive to git
ab94a813b0f64cbc1bcb952bf55424a2d9c7f1d9
Vendor bugfixes:
Use __LA_DEPRECATED macro with functions deprecated in 379867e (r310796)
Martin Matuska [Fri, 30 Dec 2016 01:34:06 +0000 (01:34 +0000)]
Update vendor/libarchive to git
2a2488a81599f9cd065a8254b16a6fd48d81c3b4
Vendor bugfixes:
PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c
PR #851: Spelling fixes
Fix two protoypes in manual page archive_read_disk.3
Martin Matuska [Fri, 30 Dec 2016 01:31:03 +0000 (01:31 +0000)]
Update vendor/libarchive to git
e8a9de5eaf3b79fc3d990d056343bb52c51c5ba4
Fix style typo in tar.5
Martin Matuska [Fri, 30 Dec 2016 01:27:27 +0000 (01:27 +0000)]
Update vendor/libarchive to git to
379867ecb330b3a952fb7bfa7bffb7bbd5547205
Vendor changes:
PR #771: Add NFSv4 ACL support to pax and restricted pax
Martin Matuska [Tue, 27 Dec 2016 00:51:53 +0000 (00:51 +0000)]
Update vendor/libarchive to git to
42a3408ac7df1e69bea9ea12b72e14f59f7400c0
Vendor bugfixes:
PR 844: Coverity bug fixes in tests
PR 846: Spelling fixes
PR 850: Fix issues with reading certain jar files
PR 826: OpenSSL 1.1 support
PR 830, 831, 833: Spelling fixes
OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free()
OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives
OSS-Fuzz 286: Bugfix in archive_strncat_l()
Martin Matuska [Sat, 17 Dec 2016 02:01:05 +0000 (02:01 +0000)]
Add vendor/libarchive/dist files missing in r310115
Martin Matuska [Thu, 15 Dec 2016 15:35:53 +0000 (15:35 +0000)]
Update vendor/libarchive to git to
30528ed7a9f479f1c363ee8cfa1c5eb4c7d9be10
Vendor bugfixes:
PR 826: OpenSSL 1.1 support
PR 830, 831, 833: Spelling fixes
OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free()
OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives
Enji Cooper [Mon, 12 Dec 2016 02:12:51 +0000 (02:12 +0000)]
Merge PR to address libarchive/test coverity issues
Obtained from: libarchive (
f9e3de49fb294901374e0c8c6c2ceaeea7b6d6c0)
Enji Cooper [Mon, 12 Dec 2016 02:11:30 +0000 (02:11 +0000)]
Merge PR to address tar/test coverity issues
Obtained from: libarchive (
fd0ea220635939ffe4b9ffb5cacaaa526a25b5ae)
Enji Cooper [Mon, 12 Dec 2016 02:09:31 +0000 (02:09 +0000)]
Free p (the memory allocated via slurpfile) when done with the contents
Reported by: Coverity
CID: 1331631, 1331632, 1331633, 1331646
Obtained from: libarchive (
ebe29c0ec3b1aaa424df9cf884721c6018c676f4)
Martin Matuska [Tue, 6 Dec 2016 00:35:20 +0000 (00:35 +0000)]
Update vendor/libarchive to git
ddb3954bfdb9a0a98d50fb1c50cbecb603d9adf0
Vendor bugfixes:
libarchive #831:
Spelling fixes
libarchive #832:
Relax sanity checks of number fields in tar header even more
OSS-Fuzz #16:
Fix possible hang in uudecode_filter_read()
OSS-Fuzz #220:
Reject an 'ar' filename table larger than 1GB or a filename larger
than 1MB.
Martin Matuska [Fri, 2 Dec 2016 09:26:51 +0000 (09:26 +0000)]
Update vendor/libarchive to git
53d73345410d69e68171f05facaf4523e38e72bb
Vendor bugfixes:
Fix for heap-buffer-overflow in archive_le16dec()
Fix for heap-buffer-overflow in uudecode_bidder_bid()
Reworked fix for compatibility with archives created by Perl Archive::Tar
Martin Matuska [Thu, 1 Dec 2016 15:39:33 +0000 (15:39 +0000)]
Update vendor/libarchive to git
2d2b3e928605f795515b03f060fd638c265b0778
Small improvements, style fixes, bugfixes.
Important vendor bugfixes:
Restore compatibility with Perl Archive::Tar that was broken with #825
Martin Matuska [Tue, 29 Nov 2016 21:53:16 +0000 (21:53 +0000)]
Update vendor/libarchive to git
256e52f073765a4ddad1e86fd4d0eda2a18147bf
Important vendor bugfixes (relevant to FreeBSD):
#821: tar -P cannot extract hardlinks through symlinks
#825: Add sanity check of tar "uid, "gid" and "mtime" fields
Martin Matuska [Mon, 24 Oct 2016 13:51:45 +0000 (13:51 +0000)]
Update vendor/libarchive to git
629358182b04d7de2316bbd29708c58ddf797fd2
Libarchive 3.2.2
Martin Matuska [Thu, 13 Oct 2016 11:34:23 +0000 (11:34 +0000)]
Update vendor/libarchive to git
e3bdbbf3475c3abf264e563c753a20972095665e
Important vendor bugfixes (relevant to FreeBSD):
#801: FreeBSD Coverity report: resource leak in libarchive/tar/test/main.c
Martin Matuska [Tue, 4 Oct 2016 11:44:21 +0000 (11:44 +0000)]
Update vendor/libarchive to git
024be27d1b299c030e8841bed3002ee07ba9eedc
Important vendor bugfixes (relevant to FreeBSD):
#747: Out of bounds read in mtree parser
#761: heap-based buffer overflow in read_Header (7-zip)
#784: Invalid file on bsdtar command line results in internal errors (1)
PR: 213092 (1)
Obtained from: https://github.com/libarchive/libarchive
Martin Matuska [Wed, 14 Sep 2016 20:32:34 +0000 (20:32 +0000)]
Update vendor/libarchive to git
c31379acc9009f5a3bafcfa33d7672a24b3f51f3
Vendor issues fixed (FreeBSD):
PR #778: ACL error handling
Issue #745: Symlink check prefix optimization is too aggressive
Issue #746: Hard links with data can evade sandboxing restrictions
This update fixes the vulnerability #3 and vulnerability #4 as reported in
the "non-cryptanalytic attacks against FreeBSD update components".
https://gist.github.com/anonymous/
e48209b03f1dd9625a992717e7b89c4f
Vulnerability #2 has already been fixed in r304866
Martin Matuska [Mon, 5 Sep 2016 15:20:55 +0000 (15:20 +0000)]
Update vendor/libarchive to git
b4099917d6893ed77af24caff1156e044ebd4fa5
Vendor issues fixed:
PR #777: Multiple bugfixes for setup_acls()
This fixes a bug that caused ACLs not to be read properly for files and
directories inside subdirectories and as a result not being stored in tar
archives.
Martin Matuska [Fri, 26 Aug 2016 22:02:37 +0000 (22:02 +0000)]
Update vendor/libarchive to git
299c6bf136b9bc328b498505f24f87e732b73ff6
Vendor issues fixed:
Issue #731: Reject tar entries >= INT64_MAX
Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames
Issue #748: Zip decompression failure with highly-compressed data
Issue #767: Buffer overflow printing a filename
Issue #770: Be more careful about extra_length
Martin Matuska [Sat, 13 Aug 2016 21:20:06 +0000 (21:20 +0000)]
Update vendor/libarchive to git
6a0d970f70102fe50ee9f1e51a2e4c048985e616
Vendor issues fixed:
Issue #744: Very long pathnames evade symlink checks
Issue #748: libarchive can compress, but cannot decompress zip some files
PR #750: ustar: fix out of bounds read on empty string ("") filename
PR #755: fix use of acl_get_flagset_np() on FreeBSD
Martin Matuska [Wed, 29 Jun 2016 07:00:15 +0000 (07:00 +0000)]
Update vendor/libarchive to git
084ef320b8fc62e3fd3acb762fe6175d48d7829c
Vendor issues fixed:
#686: Correctly grow buffer in archive_string_append_from_wcs_in_codepage()
FreeBSD PR #204157: Fix test on filesystems without birthtime support
PR: 204157
Martin Matuska [Tue, 21 Jun 2016 15:18:22 +0000 (15:18 +0000)]
Martin Matuska [Tue, 21 Jun 2016 00:00:05 +0000 (00:00 +0000)]
Add two missing test files in r302037
Martin Matuska [Mon, 20 Jun 2016 23:55:33 +0000 (23:55 +0000)]
Update vendor/libarchive to git
139d0576b51a253732a5ab1f66805dffbf8b00af
tag v3.2.1
Fixed vendor issues:
Issue 521: Properly check reading from lzss decompression buffer
Issue 717: Fix integer overflow when computing location of volume
descriptor
Issue 718: Security fix TALOS-CAN-152
Issue 719: Security fix TALOS-CAN-154
Security: TALOS-CAN-152, TALOS-CAN-154
Martin Matuska [Sat, 18 Jun 2016 08:25:31 +0000 (08:25 +0000)]
Update vendor/libarchive to git
d85976e7ff4a062e1de6e04dab7bb78e3344768f
Fixed vendor issues:
Issue 553: Fix broken decryption for ZIP files
Issue 657: Allow up to 8k for the test root directory name
Issue 682: Correctly write gnutar filenames of exactly 512 bytes
Issue 708: tar should fail if a named input file is missing
PR 715: Fix libarchive/archive_read_support_format_mtree.c:1388:11:
error: array subscript is above array bounds
Martin Matuska [Mon, 16 May 2016 04:47:32 +0000 (04:47 +0000)]
Update vendor/libarchvie to git commit 860ec63
Integrates my pull request #709
Martin Matuska [Thu, 12 May 2016 16:03:55 +0000 (16:03 +0000)]
Update vendor/libarchive/dist to git commit f48d99b
Integrates my pull requests #701, #702 and #703
Martin Matuska [Wed, 11 May 2016 10:19:44 +0000 (10:19 +0000)]
Update vendor/libarchive/dist to git commit 61c56e5 (post 3.2.0)
Martin Matuska [Wed, 11 May 2016 10:10:11 +0000 (10:10 +0000)]
Keep full libarchive distribution in vendor branch (prep for 3.2.0 update)
Martin Matuska [Tue, 10 May 2016 21:12:32 +0000 (21:12 +0000)]
Trim libarchive/dist using FREEBSD-Xlist
Xin LI [Tue, 23 Feb 2016 07:04:54 +0000 (07:04 +0000)]
Apply upstream commit
6e06b1c8 (partial, by kientzle):
Fix a potential crash issue discovered by Alexander Cherepanov:
It seems bsdtar automatically handles stacked compression. This is a
nice feature but it could be problematic when it's completely
unlimited. Most clearly it's illustrated with quines:
$ curl -sRO http://www.maximumcompression.com/selfgz.gz
$ (ulimit -v
10000000 && bsdtar -tvf selfgz.gz)
bsdtar: Error opening archive: Can't allocate data for gzip decompression
Without ulimit, bsdtar will eat all available memory. This could also
be a problem for other applications using libarchive.
Bryan Drewery [Tue, 28 Jul 2015 17:48:34 +0000 (17:48 +0000)]
Apply upstream changeset
bf4f6ec64e:
Fix issue 356: properly skip a sparse file entry in a tar file.
Bryan Drewery [Tue, 28 Jul 2015 17:20:35 +0000 (17:20 +0000)]
Apply upstream changeset fa9e61:
Fix --one-file-system to include the directory encountered rather than
excluding it.
Xin LI [Thu, 14 May 2015 21:39:03 +0000 (21:39 +0000)]
Apply upstream changeset 24f5de6:
Set a proper error message if we hit end-of-file when
trying to read a cpio header.
Suggested by Issue #395, although the actual problem there
seems to have been the same as Issue #394.
Xin LI [Thu, 14 May 2015 21:34:20 +0000 (21:34 +0000)]
Apply upstream changeset e6c9668:
Add a check to archive_read_filter_consume to reject any
attempts to move the file pointer by a negative amount.
Note: Either this or commit 3865cf2 provides a fix for
Issue 394.
Xin LI [Thu, 14 May 2015 21:33:33 +0000 (21:33 +0000)]
Apply upstream changeset 3865cf2:
Issue 394: Segfault when reading malformed old-style cpio archives
Root cause here was an implicit cast that resulted in
reading very large file sizes as negative numbers.
Martin Matuska [Thu, 21 Mar 2013 21:51:46 +0000 (21:51 +0000)]
Delete files accidentially left over in r248590 (libarchive 3.1.2)
Martin Matuska [Thu, 21 Mar 2013 18:59:02 +0000 (18:59 +0000)]
Update libarchive's vendor dist to version 3.1.2 from release branch.
Git branch: release
Git commit:
19f23e191f9d3e1dd2a518735046100419965804
Obtained from: https://github.com/libarchive/libarchive.git
Martin Matuska [Fri, 27 Jul 2012 08:24:12 +0000 (08:24 +0000)]
Update libarchive's vendor dist to version 3.0.4 from release branch.
Git branch: release
Git commit:
8076b31490c90aaf0edccecf760004c30bd95edc
Obtained from: https://github.com/libarchive/libarchive.git
Martin Matuska [Sat, 25 Feb 2012 00:16:00 +0000 (00:16 +0000)]
Update libarchive's vendor dist to latest changes in release branch.
Git branch: release
Git commit:
e2cc36190d7d733b3ac6744ec860d09776c9da02
Obtained from: https://github.com/libarchive/libarchive.git
Martin Matuska [Thu, 9 Feb 2012 19:13:36 +0000 (19:13 +0000)]
Update libarchive's vendor dist to latest changes in release branch.
Now all the gcc warnings I have reported upstream should be fixed.
Git branch: release
Git commit:
01580b4298a946fb31e822a083bf49e9f37809ac
Obtained from: https://github.com/libarchive/libarchive.git