Update libarchive to 3.2.1 (bugfix and security fix release)
List of vendor fixes:
- fix exploitable heap overflow vulnerability in Rar decompression
(vendor issue 719, CVE-2016-4302, TALOS-2016-0154)
- fix exploitable stack based buffer overflow vulnebarility in mtree
parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153)
- fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo
(vendor issue 718, CVE-2016-4300, TALOS-2016-152)
- fix integer overflow when computing location of volume descriptor
(vendor issue 717)
- fix buffer overflow when reading a crafred rar archive (vendor issue 521)
- fix possible buffer overflow when reading ISO9660 archives on machines
where sizeof(int) < sizeof(size_t) (vendor issue 711)
- tar and cpio should fail if an input file named on the command line is
missing (vendor issue 708)
- fix incorrect writing of gnutar filenames that are exactly 512 bytes
long (vendor issue 682)
- allow tests to be run from paths that are equal or longer than 128
characters (vendor issue 657)
- add memory allocation errors in archive_entry_xattr.c (vendor PR 603)
- remove dead code in archive_entry_xattr_add_entry() (vendor PR 716)
- fix broken decryption of ZIP files (vendor issue 553)
- manpage style, typo and description fixes
Post-3.2.1 vendor fixes:
- fix typo in cpio version reporting (Vendor PR 725, 726)
- fix argument range of ctype functions in libarchive_fe/passphrase.c
- fix ctype use and avoid empty loop bodies in WARC reader
MFC after: 1 week
Security: CVE-2016-4300, CVE-2016-4301, CVE-2016-4302
Approved by: re (kib)
mkimg has had a number of functional additions after the last time the
version was incremented. Do so now, to r292082's commit date, so that
users can determine what is supported.
Reviewed by: marcel
Approved by: re (gjb)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D6882
ar output is already deterministic by default for ar -q and ar -r, and
when invoked as ranlib. Make ar -s equivalent to ranlib and enable
deterministic output by default in that case too.
PR: 210330
Reviewed by: bdrewery
Approved by: re (gjb)
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D6871
The bsd.dep.mk yacc targets rely on only the .c file getting a .meta
file. However the previous code here relying on only the .h file meant
that it would be generated with a .meta file. r301285 made it so that
the .h file is never expected to get a .meta file. To keep this
restriction in place add in an extra dependency on the .c file so that
it is generated at this time. It's a hack but the best for the patterns
we have at the moment for handling build-tools and side-effect-generated
files.
Reported by: Mark Millard
Approved by: re (implicit)
Sponsored by: EMC / Isilon Storage Division
Rather than guarding close(fd) with an fd >= 0 test and setting fd
to -1 when it is closed to avoid a potential double-close, just
move the close() call after the conditional "goto make_token". This
moves the close() call totally outside the loop to avoid the
possibility of calling it twice. This should also prevent a Coverity
warning about checking fd for validity after it was previously passed
to read().
Reported by: Coverity
CID: 1355335
MFC after: 1 week
X-MFC with: r299484
mkimg(1) uses a swap file to back input file chunks. When the output file
is being written out, blocks of the swap file are mapped and their contents
copied. This causes the backing VM pages to enter the active queue, and when
the output file is large relative to system memory (as is generally the
case), can result in a shortfall of inactive memory. This causes the
pagedaemon to aggressively scan the active queue and swap out process
memory in an attempt to meet the shortfall. Because mkimg's input files
are typically the intermediate result of some build process, there's no
need to push them all through the active queue. Use madvise(2) to indicate
that the backing pages may be reclaimed in preference to active pages. In
the case of the swap file, these pages will be freed as soon as mkimg
exits anyway.
When using mkimg on a desktop-class system with large amounts of dirty
process memory, this change substantially improves mkimg runtime and
reduces swap usage.
Reviewed by: marcel
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D6654
discovery without attaching to the targets ("iscsictl -Ad ... -e off"),
and then attach to selected ones ("iscsictl -Mi ... -e on").
PR: 204129
MFC after: 1 month
Relnotes: yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D6633
Somehow the /usr/include path got lost in this particular case.
Just pass it along from --sysroot as was already done for
DIRDEPS_BUILD.
Sponsored by: EMC / Isilon Storage Division
In addition to the previous change I made to ar.c, pull in another
basename() related fix. This change is similar to the one made to the
ELF Toolchain version of ar, with the difference that the ELF Toolchain
version lacks error handling for the strdup() call.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D6467
Summarizing the findings in the OpenBSD list:
This solves a reproduceable issue with very recent Mesa where REG_NOTBOL
combined with a match at the begin of the string causes our regex library
to treat the word as not begin of word.
Thanks to Martijn van Duren and Ingo Schwarze for taking the time to
solve this in the least invasive way.
PR: 209352, 209387
Taken from: openbsd-tech (Martijn van Duren)
MFC after: 1 month
st_mtim was being incorrectly described as "stime=", not "mtime=". This was
introduced with the original feature commit (r176471).
MFC after: 1 week
PR: 209699
Submitted by: naddy
Sponsored by: EMC / Isilon Storage Division
The density code and bits per mm values were obtained from an
actual drive density report.
The number of tracks were obtained from an LTO-7 hardware
announcement on IBM's web site.
Sponsored by: Spectra Logic
MFC after: 3 days
If basename() uses "char *", we shouldn't do the intermediate
assignment, as that field is of type "const char *". Simply call
basename() on the command line argument directly.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D6463
This should fix the build on older stable/10, since install is a bootstrap
tool.
Pending a decision how to fix this properly, revert utimensat usage. Copies
with the -p option will again appear older than the original almost always,
but -p is not commonly used.
expand(). Never return the name parameter, which could be a the buf[]
buffer which is allocated on the stack by getdeadletter() and which
would then be used after getdeadletter() has returned.
Reported by: Coverity
CID: 1199383
MFC after: 1 week
memcpy() instead. It's probably a bit more optimal in this case
anyway. [1]
The program logic leading up to the creation of the strncpy/memcpy
destination buffer is a bit hairy. Add a call to assert() to make
it clear what is happening here and detect any potential buffer
overruns in the future.
Check a couple syscall error returns. Ignore the EEXIST error from
link() to preserve existing behavior. [2] [3]
Reported by: Coverity
CID: 1009659 [1], 1009349 [2], 1009350 [3]
Update libarchive to 3.2.0
New features:
- new bsdcat command-line utility
- LZ4 compression (in src only via external utility from ports)
- Warc format support
- 'Raw' format writer
- Zip: Support archives >4GB, entries >4GB
- Zip: Support encrypting and decrypting entries
- Zip: Support experimental streaming extension
- Identify encrypted entries in several formats
- New --clear-nochange-flags option to bsdtar tries to remove noschg and
similar flags before deleting files
- New --ignore-zeros option to bsdtar to handle concatenated tar archives
- Use multi-threaded LZMA decompression if liblzma supports it
- Expose version info for libraries used by libarchive
Patched files (fixed compiler warnings):
contrib/libarchive/cat/bsdcat.c (vendor PR #702)
contrib/libarchive/cat/bsdcat.h (vendor PR #702)
contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701)
contrib/libarchive/libarchive_fe/err.c (vendor PR #703)
MFC after: 1 month
Relnotes: yes
to ensure that the destination is NUL terminated. Length truncation
of one more character should not be an issue since encoding values
that long are not supported by libc. The destination string is
treated as a NUL terminated string, but it is only passed to strcmp()
for comparison to a set of shorter, fixed length strings, so this
is not a serious problem.
Reported by: Coverity
CID: 974769
MFC after: 1 week