Vendor changes (FreeBSD-related):
- store extended attributes with extattr_set_link() if no fd is provided
- add extended attribute tests to libarchive and bsdtar
- support the UF_HIDDEN file flag
Release 3.3.1
Notable vendor changes:
PR #501: improvements in ACL path handling
PR #724: fix hang when reading malformed cpio files
PR #864: fix out of bounds read with malformed GNU tar archives
Test suite improvements
New options to bsdtar that enable or disable reading and/or writing of:
Access Control Lists (--acls, --no-acls)
Extended file flags (--fflags, --no-fflags)
Extended attributes (--xattrs, --no-xattrs)
Vendor changes (relevant to FreeBSD):
- bugfixes, improvemens and optimizations in ACL code
- NFSv4 ACLs can now be extracted from Solaris tar archives
Security fixes:
- cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335)
- LHA reader: heap-buffer-overflow in lha_read_file_header_1() (CVE-2017-5601)
- LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream()
(OSS-Fuzz 453)
- mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443)
- WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458)
Memory leak fixes:
- ACL support: free memory allocated by acl_get_qualifier()
- disk writer: missing free in create_filesystem_object()
- file reader: fd leak (Coverity 1016755)
- gnutar writer: fix free in archive_write_gnutar_header() (Coverity 1016752)
- iso 9660 reader: missing free in parse_file_info() (part. Coverity 1016754)
- program reader: missing free in __archive_read_program()
- program writer: missing free in __archive_write_program_free()
- xar reader: missing free in xar_cleanup()
- xar reader: missing frees in expat_xmlattr_setup() (Coverity 1229979-1229981)
- xar writer: missing free in file_free()
- zip reader: missing free in zip_read_locazip_read_local_file_header()
Important vendor bugfixes (relevant to FreeBSD):
#821: tar -P cannot extract hardlinks through symlinks
#825: Add sanity check of tar "uid, "gid" and "mtime" fields
Vendor issues fixed:
PR #777: Multiple bugfixes for setup_acls()
This fixes a bug that caused ACLs not to be read properly for files and
directories inside subdirectories and as a result not being stored in tar
archives.
Vendor issues fixed:
#686: Correctly grow buffer in archive_string_append_from_wcs_in_codepage()
FreeBSD PR #204157: Fix test on filesystems without birthtime support
PR: 204157
Fixed vendor issues:
Issue 553: Fix broken decryption for ZIP files
Issue 657: Allow up to 8k for the test root directory name
Issue 682: Correctly write gnutar filenames of exactly 512 bytes
Issue 708: tar should fail if a named input file is missing
PR 715: Fix libarchive/archive_read_support_format_mtree.c:1388:11:
error: array subscript is above array bounds
