MFC r350423:Remove a duplicate file listing in the libarchive tests.
MFC r349527,349538:Sync libarchive with vendor.Relevant vendor changes: PR #1217: RAR5 reader - fix ARM filter going beyond window buffer boundary (OSS-Fuzz 15431) PR #1218: Fixes
MFC r349527,349538:Sync libarchive with vendor.Relevant vendor changes: PR #1217: RAR5 reader - fix ARM filter going beyond window buffer boundary (OSS-Fuzz 15431) PR #1218: Fixes to sparse file handling
show more ...
MFC r348993,349135:Sync libarchive with vendor including security fixesr348993: - version bumped to 3.4.0 - check_symlinks_fsobj() without chdir() and fchdir() - bsdtar.1 manpage fixes - p
MFC r348993,349135:Sync libarchive with vendor including security fixesr348993: - version bumped to 3.4.0 - check_symlinks_fsobj() without chdir() and fchdir() - bsdtar.1 manpage fixes - patches from OpenBSD to libarchive_fe/passphrase.cr349135: PR #1212: RAR5 reader - window_mask was not updated correctly (OSS-Fuzz 15278) OSS-Fuzz 15120: RAR reader - extend use after free bugfix
MFC r347999:Install missing data file forlib.libarchive.functional_test.test_read_format_zip_utf8_paths
MFC r347990:Sync libarchive with vendor.Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #9
MFC r347990:Sync libarchive with vendor.Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes
MFC r345497:Sync libarchive with vendor.Relevant vendor changes: PR #1153: fixed 2 bugs in ZIP reader [1] PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK Changes
MFC r345497:Sync libarchive with vendor.Relevant vendor changes: PR #1153: fixed 2 bugs in ZIP reader [1] PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK Changes to file flags code, support more file flags on FreeBSD: UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM UF_ARCHIVE is not supported by intention (yet)PR: 236300 [1]
MFC r344063,r344088:MFC r344063:Sync libarchive with vendor.Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZM
MFC r344063,r344088:MFC r344063:Sync libarchive with vendor.Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 readerMFC r344088: archive_read_disk_posix.c: initialize delayed_errnoPR: 233006 [3]Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2]
MFC r339746,339751,339794,340866,340939,342042:Sync libarchive with vendor.Relevant vendor changes: PR #1013: Add missing h_base offset when performing absolute seeks in xar decompre
MFC r339746,339751,339794,340866,340939,342042:Sync libarchive with vendor.Relevant vendor changes: PR #1013: Add missing h_base offset when performing absolute seeks in xar decompression PR #1023: Support extracting extattrs as non-root on non-user-writeable files PR #1061: Add support for extraction of RAR v5 archives PR #1066: Fix out of bounds read on empty string filename for gnutar, pax and v7tar PR #1067: Fix temporary file path buffer overflow in tests IS #1068: Correctly process and verify integer arguments passed to bsdcpio and bsdtar PR #1070: Don't default XAR entry atime/mtime to the current time PR #1080: Spelling fixes PR #1084: RAR5 reader bugfixes PR #1091: fix use-after-free in delayed newc link processing PR #1092: Fix a few obvious resource leaks and strcpy() misuses IS #1096: Support extracting ACLs with in-entry comments (GNU tar) PR #1102: RAR5 reader - fix big-endian problems PR #1105: Fix various crash, memory corruption and infinite loop conditions RAR5 reader: FreeBSD build platform fixes for powerpc(64), mips(64), sparc64 and riscv64 RAR5 reader: more maybe-uninitialized size_t fixes for riscv64 FreeBSD build
MFV r328323,328324:Sync libarchive with vendor.Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names
MFV r328323,328324:Sync libarchive with vendor.Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names PR #962: Don't modify attributes for existing directories when ARCHIVE_EXTRACT_NO_OVERWRITE is set PR #964: Fix -Werror=implicit-fallthrough= for GCC 7 PR #970: zip: Allow backslash as path separatorMFC after: 1 week
DIRDEPS_BUILD: Update dependencies.Sponsored by: Dell EMC Isilon
MFV r324145,324147:Sync libarchive with vendor.Relevant vendor changes: PR #905: Support for Zstandard read and write filters PR #922: Avoid overflow when reading corrupt cpio archive Issue
MFV r324145,324147:Sync libarchive with vendor.Relevant vendor changes: PR #905: Support for Zstandard read and write filters PR #922: Avoid overflow when reading corrupt cpio archive Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166) OSS-Fuzz 2936: Place a limit on the mtree line length OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502)MFC after: 1 weekSecurity: CVE-2017-14166, CVE-2017-14502
MFV r317781:Sync libarchive with vendorVendor changes (FreeBSD-related): PR 897: add test for ZIP archives with invalid EOCD headers PR 901: fix invalid renaming of sparse files OSS-Fuzz iss
MFV r317781:Sync libarchive with vendorVendor changes (FreeBSD-related): PR 897: add test for ZIP archives with invalid EOCD headers PR 901: fix invalid renaming of sparse files OSS-Fuzz issue 497: remove fallback tree in LZX decoder OSS-Fuzz issue 527: rewrite expressions in lz4 filter OSS-Fuzz issue 577: fix integer overflow in cpio reader OSS-Fuzz issue 862: fix numerc parsing in mtree reader OSS-Fuzz issue 1097: fix undefined shift in rar reader cpio: various optimizations and memory leak fixesMFC after: 1 week
MFV r315875:Sync libarchive with vendor.Vendor changes (FreeBSD-related):- store extended attributes with extattr_set_link() if no fd is provided- add extended attribute tests to libarchive and
MFV r315875:Sync libarchive with vendor.Vendor changes (FreeBSD-related):- store extended attributes with extattr_set_link() if no fd is provided- add extended attribute tests to libarchive and bsdtar- fix tar's test_option_acls- support the UF_HIDDEN file flagX-MFC with: 315636
MFV r314565,314567,314570:Update libarchive to version 3.3.1 (and sync with latest vendor dist)Notable vendor changes: PR #501: improvements in ACL path handling PR #724: fix hang when reading
MFV r314565,314567,314570:Update libarchive to version 3.3.1 (and sync with latest vendor dist)Notable vendor changes: PR #501: improvements in ACL path handling PR #724: fix hang when reading malformed cpio files PR #864: fix out of bounds read with malformed GNU tar archives Documentation, style, test suite improvements and typo fixes.New options to bsdtar that enable or disable reading and/or writing of: Access Control Lists (--acls, --no-acls) Extended file flags (--fflags, --no-fflags) Extended attributes (--xattrs, --no-xattrs) Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata)MFC after: 2 weeks
MFV r313071:Sync libarchive with vendorVendor changes (relevant to FreeBSD):- support extracting NFSv4 ACLs from Solaris tar archives- bugfixes and optimizations in the ACL code- multiple fixes
MFV r313071:Sync libarchive with vendorVendor changes (relevant to FreeBSD):- support extracting NFSv4 ACLs from Solaris tar archives- bugfixes and optimizations in the ACL code- multiple fixes in the test suite- typo and other small bugfixesSecurity fixes:- cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335)- LHA reader: heap-buffer-overflow in lha_read_file_header_1() (CVE-2017-5601)- LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream() (OSS-Fuzz 453)- mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443)- WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458)Memory leak fixes:- ACL support: free memory allocated by acl_get_qualifier()- disk writer: missing free in create_filesystem_object()- file reader: fd leak (Coverity 1016755)- gnutar writer: fix free in archive_write_gnutar_header() (Coverity 101675)- iso 9660 reader: missing free in parse_file_info() (partial Coverity 1016754)- program reader: missing free in __archive_read_program()- program writer: missing free in __archive_write_program_free()- xar reader: missing free in xar_cleanup()- xar reader: missing frees in expat_xmlattr_setup() (Coverity 1229979-1229981)- xar writer: missing free in file_free()- zip reader: missing free in zip_read_local_file_header()MFC after: 1 weekX-MFC with: 310866, 310868, 310870, 311899
Build libarchive tests missing in r311899MFC after: 1 weekX-MFC with: r311899
Look for list.h in ${.CURDIR} to unbreak the build with a ports-based copyof llvm38 on ^/stable/11 (oh, the bugs you find when you set CC,CXX,CPPmanually and it skips the bootstrap stage for the to
Look for list.h in ${.CURDIR} to unbreak the build with a ports-based copyof llvm38 on ^/stable/11 (oh, the bugs you find when you set CC,CXX,CPPmanually and it skips the bootstrap stage for the toolchain...)
MFV r310796, r310797:Sync libarchive with vendor.Vendor changes (relevant to FreeBSD):PR #771: Add NFSv4 ACL support to pax and restricted paxNFSv4 ACL information may now be stored to and res
MFV r310796, r310797:Sync libarchive with vendor.Vendor changes (relevant to FreeBSD):PR #771: Add NFSv4 ACL support to pax and restricted paxNFSv4 ACL information may now be stored to and restored from tar archives.ACL must be non-trivial and supported by the underlying filesystem, e.g.natively by ZFS or by UFS with the NFSv4 ACL enable flag set.MFC after: 2 weeksRelnotes: yes
MFV r310622:Sync libarchive with vendor.Vendor bugfixes (relevant to FreeBSD):PR 846: Spelling fixesPR 850: Fix issues with reading certain jar filesOSS-Fuzz 286: Bugfix in archive_strncat_l()
MFV r309587:Sync libarchive with vendor.Vendor bugfixes:libarchive #831: Spelling fixeslibarchive #832: Relax sanity checks of number fields in tar header even moreOSS-Fuzz #16: Fix pos
MFV r309587:Sync libarchive with vendor.Vendor bugfixes:libarchive #831: Spelling fixeslibarchive #832: Relax sanity checks of number fields in tar header even moreOSS-Fuzz #16: Fix possible hang in uudecode_filter_read()OSS-Fuzz #220: Reject an 'ar' filename table larger than 1GB or a filename larger than 1MB.MFC after: 1 week
MFC r309362:Sync libarchive with vendor.Small improvements, style fixes, bugfixes.Restores compatibility with tar archives created with Perl Archive::Tar (1)MFC after: 1 weekReported by: Matth
MFC r309362:Sync libarchive with vendor.Small improvements, style fixes, bugfixes.Restores compatibility with tar archives created with Perl Archive::Tar (1)MFC after: 1 weekReported by: Matthew Seaman <[email protected]> (1)
MFV r309299:Sync libarchive with vendor.Important vendor bugfixes (relevant to FreeBSD):#821: tar -P cannot extract hardlinks through symlinks#825: Add sanity check of tar "uid, "gid" and "mtime
MFV r309299:Sync libarchive with vendor.Important vendor bugfixes (relevant to FreeBSD):#821: tar -P cannot extract hardlinks through symlinks#825: Add sanity check of tar "uid, "gid" and "mtime" fieldsPR: 213255Reported by: Tijl Coosemans <[email protected]>MFC after: 1 week
MFV r306669:Sync libarchive with vendor including security fixes.Important vendor bugfixes (relevant to FreeBSD):#747: Out of bounds read in mtree parser#761: heap-based buffer overflow in read_
MFV r306669:Sync libarchive with vendor including security fixes.Important vendor bugfixes (relevant to FreeBSD):#747: Out of bounds read in mtree parser#761: heap-based buffer overflow in read_Header (7-zip)#784: Invalid file on bsdtar command line results in internal errors (1)PR: 213092 (1)MFC after: 1 week
Increase timeout from 300 (default) to 600 seconds.It takes 6-7 minutes to proceed the test on MIPS64EB.Sponsored by: DARPA, AFRLSponsored by: HEIF5
MFV r305816:Sync libarchive with vendor including important security fixes.Issues fixed (FreeBSD):PR #778: ACL error handlingIssue #745: Symlink check prefix optimization is too aggressiveIssue
MFV r305816:Sync libarchive with vendor including important security fixes.Issues fixed (FreeBSD):PR #778: ACL error handlingIssue #745: Symlink check prefix optimization is too aggressiveIssue #746: Hard links with data can evade sandboxing restrictionsThis update fixes the vulnerability #3 and vulnerability #4 as reported in"non-cryptanalytic attacks against FreeBSD update components".https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4fFix for vulnerability #2 has already been merged in r304989.MFC after: 1 weekSecurity: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
12