Commit Graph

136 Commits

Author SHA1 Message Date
Martin Matuska 01333e8c4d Update vendor/libarchive to 3.8.5
Important bugfixes:
 #2809 bsdtar: fix regression from 3.8.4 zero-length pattern issue bugfix

Obtained from:	libarchive
Vendor commit:	dd897a78c662a2c7a003e7ec158cea7909557bee
2026-01-05 21:10:21 +01:00
Martin Matuska bf3359d921 Update vendor/libarchive to 3.8.4
Important bugfixes:
 #2787 bsdtar: Fix zero-length pattern issue
 #2797 lib: Fix regression introduced in libarchive 3.8.2
            when walking enterable but unreadable directories

Obtained from:	libarchive
Vendor commit:  d114ceee6de08a7a60ff1209492ba38bf9436f79
2025-12-01 14:01:24 +01:00
Martin Matuska f1aa8e6d51 Update vendor/libarchive to 3.8.3
Important bugfixes:
     #2753 lib: Create temporary files in the target directory
     #2768 lha: Fix for an out-of-bounds buffer overrun when using
           p[H_LEVEL_OFFSET]
     #2769 7-zip: Fix a buffer overrun when reading truncated 7zip headers
     #2771 lz4 and zstd: Support both lz4 and zstd data with leading
           skippable frames

Obtained from:	libarchive
Vendor commit:	1368b08875351df8aa268237b882c8f4ceb0882d
2025-11-19 14:21:51 +01:00
Martin Matuska 8f38cbcd9c Update vendor/libarchive to 3.8.2
Important bugfixes:
 #2477 tar writer: fix replacing a regular file with a dir for
       ARCHIVE_EXTRACT_SAFE_WRITES
 #2659 lib: improve filter process handling
 #2664 zip writer: fix a memory leak if write callback error early
 #2665 lib: archive_read_data: handle sparse holes at end of file correctly
 #2668 7zip: Fix out of boundary access
 #2670 zip writer: fix writing with ZSTD compression
 #2672 lib: fix error checking in writing files
 #2678 zstd write filter: enable Zstandard's checksum feature
 #2679 lib: handle possible errors from system calls
 #2707 lib: avoid leaking file descriptors into subprocesses
 #2713 RAR5 reader: fix multiple issues in extra field parsing function
 #2716 RAR5 reader: early fail when file declares data for a dir entry
 #2717 bsdtar: Allow filename to have CRLF endings
 #2719 tar reader: fix checking the result of the strftime (CVE-2025-25724)
 #2737 tar reader: fix an infinite loop when parsing V headers
 #2742 lib: parse_date: handle dates in 2038 and beyond if time_t is big
       enough

Obtained from:	libarchive
Vendor commit:	7f53fce04e4e672230f4eb80b219af17975e4f83
Security:	CVE-2025-25724
2025-10-16 19:41:19 +02:00
Martin Matuska 76141d3306 Update vendor/libarchive to 3.8.1
Notable bugfixes:
 #2634 tar: Support negative time values with pax
 #2637 tar: Keep block alignment after pax error
 #2642 libarchive: fix FILE_skip regression
 #2643 tar: Handle extra bytes after sparse entries
 #2649 compress: Prevent call stack overflow
 #2651 iso9660: always check archive_string_ensure return value

Obtained from:	libarchive
Vendor commit:	9525f90ca4bd14c7b335e2f8c84a4607b0af6bdf
2025-06-01 22:04:03 +02:00
Martin Matuska b0ea71a855 Update vendor/libarchive to 3.8.0
New features:
 #2088 7-zip reader: improve self-extracting archive detection
 #2137 zip writer: added XZ, LZMA, ZSTD and BZIP2 support
 #2403 zip writer: added LZMA + RISCV BCJ filter
 #2601 bsdtar: support --mtime and --clamp-mtime
 #2602 libarchive: mbedtls 3.x compatibility

Security fixes:
 #2422 tar reader: Handle truncation in the middle of a GNU long linkname
       CVE-2024-57970
 #2532 tar reader: fix unchecked return value in list_item_verbose()
       CVE-2025-25724
 #2532 unzip: fix null pointer dereference
       CVE-2025-1632
 #2568 warc: prevent signed integer overflow
 #2584 rar: do not skip past EOF while reading
 #2588 tar: fix overflow in build_ustar_entry
 #2598 rar: fix double free with over 4 billion nodes
 #2599 rar: fix heap-buffer-overflow

Important bugfixes:
  #2399 7-zip reader: add SPARC filter support for non-LZMA compressors
  #2405 tar reader: ignore ustar size when pax size is present
  #2435 tar writer: fix bug when -s/a/b/ used more than once with b flag
  #2459 7-zip reader: add POWERPC filter support for non-LZMA compressors
  #2519 libarchive: handle ARCHIVE_FILTER_LZOP in archive_read_append_filter
  #2539 libarchive: add missing seeker function to archive_read_open_FILE()
  #2544 gzip: allow setting the original filename for gzip compressed files
  #2564 libarchive: improve lseek handling
  #2582 rar: support large headers on 32 bit systems
  #2587 bsdtar: don't hardlink negative inode files together
  #2596 rar: support large headers on 32 bit systems
  #2606 libarchive: support @-prefixed Unix epoch timestamps as date strings

Obtained from:	libarchive
Vendor commit:	70ff28fcf04ec129a1d064f96e49aa57fcc90e37
CVE:		CVE-2024-57970, CVE-2025-1632, CVE-2025-25724
2025-05-20 12:47:29 +02:00
Martin Matuska eff4ff4791 Update vendor/libarchive to 3.7.7
Security fixes:
 #2364 tar: don't crash on truncated tar archives
 #2366 gzip: prevent a hang when processing a malformed gzip inside a gzip
 #2377 tar: fix two leaks in tar header parsing

Important bugfixes:
 #2096 rar5: report encrypted entries
 #2252 7-zip: read/write symlink paths as UTF-8
 #2360 tar: fix truncation of entry pathnames in specific archives

Obtained from:	libarchive
Vendor commit:	b439d586f53911c84be5e380445a8a259e19114c
2024-10-13 10:34:52 +02:00
Martin Matuska e6330bf497 Update vendor/libarchive to 3.7.6
Security fixes:
 #2330 iso: be more cautious about parsing ISO-9660 timestamps
 #2343 tar: clean up linkpath between entries

Important bugfixes:
 #2338 tar: fix memory leaks when processing symlinks or parsing pax headers

Obtained from:	libarchive
Vendor commit:	f0a0bc6b3046e34c9d6981f8c026da51fea12c89
2024-09-23 11:50:06 +02:00
Martin Matuska 2022efa030 Update vendor/libarchive to 3.7.5
Security fixes:
 #2158 rpm: calculate huge header sizes correctly
 #2160 util: fix out of boundary access in mktemp functions
 #2168 uu: stop processing if lines are too long
 #2174 lzop: prevent integer overflow
 #2172 rar4: protect copy_from_lzss_window_to_unp() (CVE-2024-20696)
 #2175 unzip: unify EOF handling
 #2179 rar4: fix out of boundary access with large files
 #2203 rar4: fix OOB access with unicode filenames
 #2210 rar4: add boundary checks to rgb filter
 #2248 rar4: fix OOB in delta filter
 #2249 rar4: fix OOB in audio filter
 #2256 fix multiple vulnerabilities identified by SAST
 #2258 cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing
 #2265 rar5: clear 'data ready' cache on window buffer reallocs
 #2269 rar4: fix CVE-2024-26256 (CVE-2024-26256)

Important bugfixes:
 #2150 xar: fix another infinite loop and expat error handling
 #2173 shar: check strdup return value
 #2161 lha: fix integer truncation on 32-bit systems
 #2245 7zip: fix issue when skipping first file in 7zip archive that
       is a multiple of 65536 bytes
 #2259 rar5: don't try to read rediculously long names
 #2290 ar: fix archive entries having no type

Obtained from:	libarchive
Vendor commit: 	12ecf8418ab3595d66cdea1abadcea8b6a9d288b
CVE:		CVE-2024-20696, CVE-2024-26256
2024-09-14 11:48:57 +02:00
Martin Matuska ed3e988642 Update vendor/libarchive to libarchive master 83e8b0ea8
#2147 archive_string: clean up strncat_from_utf8_to_utf8 (36047967a)
 #2153 archive_match: check archive_read_support_format_raw()
       return value (0ce1b4c38)
 #2154 archive_match: turn counter into flag (287e05d53)
 #2155 lha: Do not allow negative file sizes (93b11caed)
 #2156 tests: setenv LANG to en_US.UTF-8 in bsdunzip test_I.c (83e8b0ea8)

Obtained from:		libarchive
Libarchive commit:	83e8b0ea8c3b07e07ac3dee90a8724565f8e53fd
2024-04-30 11:49:58 +02:00
Martin Matuska 51c823ac27 Cherry-pick commits from libarchive to vendor/libarchive
#2148 fix: OOB in rar delta filter (a1cb648d5)
 #2149 fix: OOB in rar audio filter (3006bc5d0)
 #2150 xar: Fix another infinite loop and expat error handling (b910cb70d)

Obtained from:		libarchive
Libarchive commits:	b910cb70d4c1b311c9d85cd536a6c91647c43df7
			a1cb648d52f5b6d3f31184d9b6a7cbca628459b7
			3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b
2024-04-29 09:23:21 +02:00
Martin Matuska d6f77d3cfa Update vendor/libarchive to 3.7.4
Security fixes:
 #2135 rar: Fix OOB in rar e8 filter (CVE-2024-26256)
 #2145 zip: Fix out of boundary access

Important bugfixes:
 #2131 7zip: Limit amount of properties
 #2110 bsdtar: Fix error handling around strtol() usages
 #2116 passphrase: Never allow empty passwords
 #2124 rar: Fix "File CRC Error" when extracting specific rar4 archives
 #2123 xar: Avoid infinite link loop
 #2108 zip: Update AppleDouble support for directories
 #2071 zstd: Implement core detection

Obained from:		libarchive
Libarchive commit:	313aa1fa10b657de791e3202c168a6c833bc3543
2024-04-26 12:11:59 +02:00
Martin Matuska a509d68f27 Update vendor/libarchive to 3.7.3
New features:
  #1941 uudecode filter: support file name and file mode in raw mode
  #1943 7-zip reader: translate Windows permissions into UNIX
        permissions
  #1962 zstd filter now supports the "long" write option
  #2012 add trailing letter b to bsdtar(1) substitute pattern
  #2031 PCRE2 support
  #2054 add support for long options "--group" and "--owner" to tar(1)

Security fixes:
  #2101 Fix possible vulnerability in tar error reporting introduced
        in f27c173

Important bugfixes:
  #1974 ISO9660: preserve the natural order of links
  #2105 rar5: fix infinite loop if during rar5 decompression the last
        block produced no data
  #2027 xz filter: fix incorrect eof at the end of an lzip member
  #2043 zip: fix end-of-data marker processing when decompressing zip
        archives

Obtained from:		libarchive
Libarchive commit:	4fcc02d906cca4b9e21a78a833f1142a2689ec52
2024-04-11 15:48:20 +02:00
Martin Matuska a5913a473b Update vendor/libarchive to libarchive/libarchive@1b4e0d0f9
Changes to not yet connected unzip command only.

Obtained from:		libarchive
Libarchive commit:	1b4e0d0f9d445ba3e4d0c7db7ce0b30300572fe8
2023-09-07 16:21:24 +02:00
Martin Matuska 80517d0d48 Update vendor/libarchive to libarchive/libarchive@5c5a9f2b7
Changes to not yet connected unzip command only.

Obtained from:		libarchive
Libarchive commit:	5c5a9f2b76ed51f060752b356c9e96ef3aee1baf
2023-08-04 00:59:05 +02:00
Martin Matuska f8035ed8e5 Update vendor/libarchive to libarchive/libarchive@27ca5119f
Changes to not yet connected unzip command only.

Obtained from:		libarchive
Libarchive commit:	27ca5119f754d2d359a3cf4ac66c6672260a74d3
2023-07-31 13:09:09 +02:00
Martin Matuska 70968ea087 Update vendor/libarchive to libarchive/libarchive@0e1e2b926
Important bugfixes (relevant to FreeBSD):
  ISSUE #1934: stack buffer overflow in cpio verbose mode
  ISSUE #1935: SEGV in cpio verbose mode
  PR #1731 tar: respect --strip-components and -s patterns in cru modes

Obtained from:		libarchive
Libarchive commit:	0e1e2b926aad81512a79a05c791b9dc7e0fa8715
Libarchive tag:		v3.7.1
2023-07-29 20:19:08 +02:00
Martin Matuska 14b646f7c3 Update vendor/libarchive to libarchive/libarchive@ee4579617
Important changes (relevant to FreeBSD):
  #1840 year 2038 fix for pax archives on platforms with 64-bit time_t
  #1873 bsdunzip ported to libarchive from FreeBSD
  #1894 read support for zstd compression in 7zip archives
  #1918 ARM64 filter support in 7zip archives

Obtained from:		libarchive
Libarchive commit:	ee45796171324519f0c0bfd012018dd099296336
Libarchive tag:		v3.7.0
2023-07-18 09:58:47 +02:00
Martin Matuska 309e35276a Update vendor/libarchive to libarchive/libarchive@1f3c62ebf
Important changes (relevant to FreeBSD):
  #1814 Do not account for NULL terminator when comparing with "TRAILER!!!"
  #1818 Add ability to produce multi-frame zstd archives
  #1860 Make single bit bitfields unsigned to avoid clang 16 warning
  #1869 Fix FreeBSD builds with WARNS=6

Obtained from:		libarchive
Libarchive commit:	1f3c62ebf4d492ac21d3099b3b064993100dd997
2023-05-30 15:12:16 +02:00
Martin Matuska b5a00e61e9 Update vendor/libarchive to libarchive/libarchive@ba80276cc
Important Bugfixes:
  rar5 reader: fix possible garbled output with bsdtar -O (#1745)
  mtree reader: support reading mtree files with tabs (#1783)
  various small fixes for issues found by CodeQL

Obtained from:		libarchive
Libarchive commit:	ba80276ccc3c941c4918ec6e2460059f0c525c43
Libarcive tag:		v3.6.2
2022-12-09 17:28:02 +01:00
Martin Matuska 91ee6b45e4 Update vendor/libarchive to libarchive/libarchive@6c3301111
Bugfixes:
  PR #1549: archive_digest: check return value of EVP_DigestInit()
    - Improves OpenSSL 3.0 support

Obtained from:		libarchive
Libarchive commit:	6c3301111caa75c76e1b2acb1afb2d71341932ef
Libarcive tag:		v3.6.1
2022-04-08 15:05:57 +02:00
Martin Matuska d0dbd88ba9 Update vendor/libarchive to libarchive/libarchive@db7145537
Bugfixes:
  IS #1685 and OSS-Fuzz #38764:
    (ISO reader) fix possible heap buffer overflow in read_children()
  IS #1715 and OSS-Fuzz #46279:
    (RARv4 reader) fix heap-use-after-free in run_filters()

Obtained from:		libarchive
Libarchive commit:	db714553712debbc447383f735e022031dc13127
2022-04-03 13:44:32 +02:00
Martin Matuska b36466f05a Update vendor/libarchive to libarchive/libarchive@cfaa28168
Bugfixes:
  IS #1672 and OSS-Fuzz #38766:
    (zip reader) fix possible out-of-bounds read in zipx_lzma_alone_init()
  PR #1676: (mtree reader) remove the unused variable "detected_bytes"
  PR #1674: (doc) fix use of At mdoc(7) macro in cpio.5

Obtained from:		libarchive
Libarchive commit:	cfaa28168a07ea4a53276b63068f94fce37d6aff
2022-03-26 10:56:58 +01:00
Martin Matuska 8b3c992251 Update vendor/libarchive to libarchive/libarchive@1271f775d
Bugfixes:
OSS-Fuzz #44843 (security):
  RAR reader: fix null-dereference in RAR (v4) filter code

Obtained from:		libarchive
Libarchive commit:	1271f775dc917798ad7d03c3b3bd66bacad03603
2022-02-21 12:04:05 +01:00
Martin Matuska 3c540f9694 Update vendor/libarchive to libarchive/libarchive@72ce1ff7c
Bugfixes:
  OSS-Fuzz #44547 (security):
    fix heap-use-after-free in RAR (v4) filter code
  PR #1671:
    Fix 7z PPMD reading beyond boundary

Obtained from:		libarchive
Libarchive commit:	72ce1ff7c6857a7334baa05884e69b9264a2199c
2022-02-19 00:49:06 +01:00
Martin Matuska 84631082f6 Update vendor/libarchive libarchive/libarchive@9147def1d
Libarchive 3.6.0

New features:
  PR #1614: tar: new option "--no-read-sparse"
  PR #1503: RAR reader: filter support
  PR #1585: RAR5 reader: self-extracting archive support

New features (not used in FreeBSD base):
  PR #1567: tar: threads support for zstd (#1567)
  PR #1518: ZIP reader: zstd decompression support

Security Fixes:
  PR #1491, #1492, #1493, CVE-2021-36976:
    fix invalid memory access and out of bounds read in RAR5 reader
  PR #1566, #1618, CVE-2021-31566:
    extended fix for following symlinks when processing the fixup list

Other notable bugfixes and improvements:
  PR #1620: tar: respect "--ignore-zeros" in c, r and u modes
  PR #1625: reduced size of application binaries

Obtained from:		libarchive
Libarchive commit:	9147def1da7ad1bdd47b3559eb1bfeeb0e0f374b
Libarchive tag:		v3.6.0
2022-02-09 14:20:23 +01:00
Martin Matuska 6c0d5e8e0e vendor/libarchive: cherry-pick 8a1bd5c18 from upstream
Reworked fix for upstream issue #1566:
  Processing fixup entries may follow symbolic links

Obtained from:		libarchive
Libarchive commit:	8a1bd5c18e896f0411a991240ce0d772bb02c840
2021-08-27 12:36:49 +02:00
Martin Matuska 9aa5476184 Update vendor/libarchive/dist to libarchive/libarchive@1b2c437b9
Libarchive 3.5.2

New features:
  PR #1502: Support for PWB and v7 binary cpio formats
  PR #1509: Support of deflate algorithm in symbolic link decompression
            for ZIP archives

Important bugfixes:
  IS #1044: fix extraction of hardlinks to symlinks
  PR #1480: Fix truncation of size values during 7zip archive
            extraction on 32bit architectures
  PR #1504: fix rar header skiming
  PR #1514: ZIP excessive disk read - fix location of central directory
  PR #1520: fix double-free in CAB reader
  PR #1521: Fixed leak of rar before ending with error
  PR #1530: Handle short writes from archive_write_callback
  PR #1532: 7zip: Use compression settings from file also for file header
  IS #1566: do not follow symlinks when processing the fixup list

Obtained from:		libarchive
Libarchive commit:	1b2c437b99b361c7692538fa373e99955e9b93ae
Libarchive tag:		v3.5.2
2021-08-23 02:24:04 +02:00
Martin Matuska 8be2bb3d35 Update vendor/libarchive/dist to 227a4b9719a7fbeba6ba46e377ff7d953f405cd5
Libarchive 3.5.1
2020-12-28 00:06:27 +01:00
Martin Matuska bcd2ffcdc2 Update vendor/libarchive/dist to b2c3ee7e2907511533eeb2a0f2ceecc1faa73185
Vendor changes:
  Issue #1461: Unbreak build without lzma
  Issue #1462: warc reader: Fix build with gcc11
  Issue #1463: Fix code compatibility in test_archive_read_support.c
  Issue #1464: Use built-in strnlen on platforms where not available
  Issue #1465: warc reader: fix undefined behaviour in deconst() function
2020-12-13 15:29:19 +00:00
Martin Matuska d5f2a5ff11 Update vendor/libarchive/dist to git 833821f55b1807cac22a63a58b759a7802df2fb7
Libarchive 3.5.0

Relevant vendor changes:
  Issue #1258: add archive_read_support_filter_by_code()
  PR #1347: mtree digest reader support
  Issue #1381: skip hardlinks pointing to itself on extraction
  PR #1387: fix writing of cpio archives with hardlinks without file type
  PR #1388: fix rdev field in cpio format for device nodes
  PR #1389: completed support for UTF-8 encoding conversion
  PR #1405: more formats in archive_read_support_format_by_code()
  PR #1408: fix uninitialized size in rar5_read_data
  PR #1409: system extended attribute support
  PR #1435: support for decompression of symbolic links in zipx archives
  Issue #1456: memory leak after unsuccessful archive_write_open_filename
2020-12-01 10:36:46 +00:00
Kyle Evans 4dd2ae60c2 libarchive: import fix for WARNS=6 builds in testing bits
Two more cases of explicitly marking globals for internal linkage where they
need not be shared. Committed upstream as of a38e62314a1f.
2020-09-11 16:12:48 +00:00
Martin Matuska e117869ad3 Update vendor/libarchive/dist to git fc6563f5130d8a7ee1fc27c0e55baef35119f26c
Libarchive 3.4.3

Relevant vendor changes:
  PR #1352: support negative zstd compression levels
  PR #1359: improve zstd version checking
  PR #1348: support RHT.security.selinux from GNU tar
  PR #1357: support for archives compressed with pzstd
  PR #1367: fix issues in acl tests
  PR #1372: child handling cleanup
  PR #1378: fix memory leak from passphrase callback
2020-05-20 16:13:02 +00:00
Martin Matuska d0916f2d0d Update vendor/libarchive/dist to git f001f3b0e6a66a7eb989ed3783791c0316831202
Relevant vendor changes:
  Issue #1341: Safe writes: improve error handling
2020-03-02 08:30:59 +00:00
Martin Matuska 65da968c5c Update vendor/libarchive/dist to git 85b9f665b6a2d4397fdd38992152d011265e374b
Relevant vendor changes:
  Issue #1257: Add testcase for ZIPX files with LZMA_STREAM_END marker
  PR #1331: cpio.5: fix hard link description
  Issue #1335: archive_read.c: fix UBSan warning about undefined behavior
  Issue #1338: XAR reader: fix UBSan warning about undefined behavior
  Issue #1339: bsdcpio_test: fix datatype in from_hex()
  Issue #1341: Safe writes: delete temporary file if rename fails
2020-03-02 02:12:53 +00:00
Martin Matuska 8185c4ae24 Update vendor/libarchive/dist to git 3288ebb0353beb51dfb09d444dedbe9235ead53d
Libarchive 3.4.2

Relevant vendor changes:
  PR #1289: atomic extraction support (bsdtar -x --safe-writes)
  PR #1308: big endian fix for UTF16 support in LHA reader
  PR #1326: reject RAR5 files that declare invalid header flags
  Issue #987: fix support 7z archive entries with Delta filter
  Issue #1317: fix compression output buffer handling in XAR writer
  Issue #1319: fix uname or gname longer than 32 characters in pax writer
  Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR
  Use localtime_r() and gmtime_r() instead of localtime() and gmtime()
2020-02-11 23:48:03 +00:00
Martin Matuska 98c1f51f76 Update vendor/libarchive/dist to git 3f1bad815d02160ab27f7063257aed4b25dbaebe
Relevant vendor changes:
  Issue #1302: Re-do fix for archive_write_client_open()
2020-01-06 13:13:58 +00:00
Martin Matuska cbda686f24 Update vendor/libarchive/dist to git 5e270715b51d199467195b56f77e21cb8bb1d642
Relevant vendor changes:
  Issue #1302: Plug memory leak on failure of archive_write_client_open()
2020-01-05 01:30:41 +00:00
Martin Matuska ba770b4e70 Update vendor/libarchive/dist to cce09646b566c61c2debff58a70da780b8457883
Libarchive 3.4.1
2019-12-30 02:39:14 +00:00
Martin Matuska 6922acad9a Update vendor/libarchive/dist to git 1dae5a549fe4ab99fd3a49a9edcf897a7b2b1844
Relevant vendor changes:
  Issue #351: Refactor and implement private state logic for write filters
  PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482)
  PR #1255: zip writer - don't append unused NUL for directories
  PR #1260: Fix sparse file offset overflow on 32-bit systems
  PR #1263: UNICODE filename support for reading lha/lzh format
  Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs()
  PR #1288: Add the "xattrhdr" option to pax write options
  PR #1295: 7z reader - fix reading archives with digests in PackInfo
  PR #1296: RAR5 reader - verify window size for multivolume archives
  PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files
  Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs()
  OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error
  Fix possible off-by-one when dealing with readlink(2)
2019-12-28 23:40:32 +00:00
Martin Matuska a297901e6c Update vendor/libarchive/dist to git 2f3033ca23f8c21160506c3c7ac8a0df0d3fde42
Relevant vendor changes:
  Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c
  PR #1249: Correct some typographical and grammatical errors.
  PR #1250: Minor corrections to the formatting of manual pages
2019-09-26 01:42:09 +00:00
Martin Matuska 085fce401b Update vendor/libarchive/dist to git d6d3799d6b309593f271c4c319dfba92efc95772
Relevant vendor changes:
  PR #1217: RAR5 reader - fix ARM filter going beyond window buffer boundary
            (OSS-Fuzz 15431)
  PR #1218: Fixes to sparse file handling
2019-06-27 13:37:34 +00:00
Martin Matuska c31a08f64d Update vendor/libarchive/dist to git 809f0dc32fff7434aef45a7c688fa285c7208af7
Relevant vendor changes:
  PR #1212: RAR5 reader - window_mask was not updated correctly
            (OSS-Fuzz 15278)
  OSS-Fuzz 15120: RAR reader - extend use after free bugfix
  Add HAVE_UNLINKAT to config_freebsd.h
2019-06-17 11:29:32 +00:00
Martin Matuska 67e87fe612 Update vendor/libarchive/dist to git 91b5c59ada211293bd3d9fd6e803ebfc07085c04
- cosmetic changes only
2019-06-11 23:43:29 +00:00
Martin Matuska e3586989c2 Update vendor/libarchive/dist to git 614110e76d9dbb9ed3e159a71cbd75fa3b23efe3
Relevant vendor changes (release 3.4.0):
  - check_symlinks_fsobj() without chdir() and fchdir()
  - bsdtar.1 manpage fixes
  - patches from OpenBSD to libarchive_fe/passphrase.c
2019-06-11 23:16:13 +00:00
Martin Matuska 8e97bbedae Update vendor/libarchive/dist to git b5818e39e128eca4951e2ab10467d4d850a2ba57
Relevant vendor changes:
Issue #795: XAR - do not try to add xattrs without an allocated name
PR #812: non-recursive option for extract and list
PR #958: support reading metadata from compressed files
PR #999: add --exclude-vcs option to bsdtar
Issue #1062: treat empty archives with a GNU volume header as valid
PR #1074: Handle ZIP files with trailing 0s in the extra fields
          (Android APK archives)
PR #1109: Ignore padding in Zip extra field data (Android APK archives)
PR #1167: fix problems related to unreadable directories
Issue #1168: fix handling of strtol() and strtoul()
PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter
PR #1174: ZIP reader - fix of MSZIP signature parsing
PR #1175: gzip filter - fix reading files larger than 4GB from memory
PR #1177: gzip filter - fix memory leak with repeated header reads
PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field
PR #1181: RAR5 - fix merge_block() recursion
          (OSS-Fuzz 12999, 13029, 13144, 13478, 13490)
PR #1183: fix memory leak when decompressing ZIP files with LZMA
PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817
  OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables
  OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations
  OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables
PR #1186: RAR5 - fix invalid type used for dictionary size mask
          (OSS-Fuzz 14537)
PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555)
PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories
          (OSS-Fuzz 14574)
PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds
OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry
OSS-Fuzz 14331: RAR5 - fix maximum owner name length
OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check

Additional RAR5 reader changes:
  - support symlinks, hardlinks, file owner, file group, versioned files
  - change ARCHIVE_FORMAT_RAR_V5 to 0x100000
  - set correct mode for readonly directories
  - support readonly, hidden and system Windows file attributes

NOTE: a version bump of libarchive will happen in the following days
2019-05-20 12:32:00 +00:00
Martin Matuska f9b2e63a44 Update vendor/libarchive/dist to git 3c079320b23ddf5ef38c443569c25898ad79ddb9
Relevant vendor changes:
  PR #1153: fixed 2 bugs in ZIP reader
  PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK
  Changes to file flags code, support more file flags on FreeBSD:
    UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM
    UF_ARCHIVE is not supported by intention (yet)
2019-03-25 11:39:49 +00:00
Martin Matuska 64339c4130 Update vendor/libarchive/dist to git 3532bc32819b14bfd8a3a5e3d3554ce14d939940
archive_read_disk_posix.c: initialize delayed_errno
2019-02-13 07:35:18 +00:00
Martin Matuska fbb1b16ad8 Update vendor/libarchive/dist to git 31c0a517c91f44eeee717a04db8b075cadda83d8
Relevant vendor changes:
  PR #1085: Fix a null pointer dereference bug in zip writer
  PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2
            decopmpression
  PR #1116: Add support for 64-bit ar format
  PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2]
  PR #1125: RAR5 reader - fix an invalid read and a memory leak
  PR #1131: POSIX reader - do not fail when tree_current_lstat() fails
            due to ENOENT [3]
  PR #1134: Delete unnecessary null pointer checks before calls of free()
  OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy.
  OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader

PR:		233006 [3]
Security:	CVE-2019-1000019 [1], CVE-2019-1000020 [2]
2019-02-12 22:29:41 +00:00
Martin Matuska c6234fa1ee Update vendor/libarchive/dist to git cef97307a3f681fcbb2cc02db6df3619a3f8b69c
Relevant vendor changes:
  PR #1105: Fix various crash, memory corruption and infinite loop conditions
2018-12-13 11:15:14 +00:00