Commit Graph

37 Commits

Author SHA1 Message Date
Martin Matuska
ddce862ad8 libarchive: import changes from upstream
Libarchive 3.5.2

New features:
  PR #1502: Support for PWB and v7 binary cpio formats
  PR #1509: Support of deflate algorithm in symbolic link decompression
            for ZIP archives

Important bugfixes:
  IS #1044: fix extraction of hardlinks to symlinks
  PR #1480: Fix truncation of size values during 7zip archive
            extraction on 32bit architectures
  PR #1504: fix rar header skiming
  PR #1514: ZIP excessive disk read - fix location of central directory
  PR #1520: fix double-free in CAB reader
  PR #1521: Fixed leak of rar before ending with error
  PR #1530: Handle short writes from archive_write_callback
  PR #1532: 7zip: Use compression settings from file also for file header
  IS #1566: do not follow symlinks when processing the fixup list

MFC after:	2 weeks
Relnotes:	yes
2021-08-23 03:07:36 +02:00
Martin Matuska
f55be4fc57 MFV r358511,r358532:
Sync libarchive with vendor.

Relevant vendor changes:
  Issue #1257: Add testcase for ZIPX files with LZMA_STREAM_END marker
  PR #1331: cpio.5: fix hard link description
  Issue #1335: archive_read.c: fix UBSan warning about undefined behavior
  Issue #1338: XAR reader: fix UBSan warning about undefined behavior
  Issue #1339: bsdcpio_test: fix datatype in from_hex()
  Issue #1341: Safe writes: delete temporary file if rename fails.
  Issue #1341: Safe writes: improve error handling

MFC after:	1 week
2020-03-02 08:44:58 +00:00
Martin Matuska
f976241773 MFV r357783:
Update libarchive to 3.4.2

Relevant vendor changes:
  PR #1289: atomic extraction support (bsdtar -x --safe-writes)
  PR #1308: big endian fix for UTF16 support in LHA reader
  PR #1326: reject RAR5 files that declare invalid header flags
  Issue #987: fix support 7z archive entries with Delta filter
  Issue #1317: fix compression output buffer handling in XAR writer
  Issue #1319: fix uname or gname longer than 32 characters in pax writer
  Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR
  Use localtime_r() and gmtime_r() instead of localtime() and gmtime()

X-MFC-With:	r356212,r356365,r356416
MFC after:	1 week
2020-02-12 00:16:56 +00:00
Martin Matuska
f057565e0d MFV r352731:
Sync libarchive with vendor.

Relevant vendor changes:
  Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c
  PR #1249: Correct some typographical and grammatical errors.
  PR #1250: Minor corrections to the formatting of manual pages

MFC after:	1 week
2019-09-26 01:50:20 +00:00
Martin Matuska
52c2bb7516 MFV r347989:
Sync libarchive with vendor.

Relevant vendor changes:
  Issue #795: XAR - do not try to add xattrs without an allocated name
  PR #812: non-recursive option for extract and list
  PR #958: support reading metadata from compressed files
  PR #999: add --exclude-vcs option to bsdtar
  Issue #1062: treat empty archives with a GNU volume header as valid
  PR #1074: Handle ZIP files with trailing 0s in the extra fields
            (Android APK archives)
  PR #1109: Ignore padding in Zip extra field data (Android APK archives)
  PR #1167: fix problems related to unreadable directories
  Issue #1168: fix handling of strtol() and strtoul()
  PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter
  PR #1174: ZIP reader - fix of MSZIP signature parsing
  PR #1175: gzip filter - fix reading files larger than 4GB from memory
  PR #1177: gzip filter - fix memory leak with repeated header reads
  PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field
  PR #1181: RAR5 - fix merge_block() recursion
            (OSS-Fuzz 12999, 13029, 13144, 13478, 13490)
  PR #1183: fix memory leak when decompressing ZIP files with LZMA
  PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817
    OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables
    OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations
    OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables
  PR #1186: RAR5 - fix invalid type used for dictionary size mask
            (OSS-Fuzz 14537)
  PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555)
  PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories
            (OSS-Fuzz 14574)
  PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds
  OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry
  OSS-Fuzz 14331: RAR5 - fix maximum owner name length
  OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check

  Additional RAR5 reader changes:
    - support symlinks, hardlinks, file owner, file group, versioned files
    - change ARCHIVE_FORMAT_RAR_V5 to 0x100000
    - set correct mode for readonly directories
    - support readonly, hidden and system Windows file attributes

MFC after:	2 weeks
2019-05-20 12:57:39 +00:00
Martin Matuska
a39fc08da2 MFV r344063:
Sync libarchive with vendor.

Relevant vendor changes:
  PR #1085: Fix a null pointer dereference bug in zip writer
  PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2
            decopmpression
  PR #1116: Add support for 64-bit ar format
  PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2]
  PR #1125: RAR5 reader - fix an invalid read and a memory leak
  PR #1131: POSIX reader - do not fail when tree_current_lstat() fails
            due to ENOENT [3]
  PR #1134: Delete unnecessary null pointer checks before calls of free()
  OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy.
  OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader

PR:		233006 [3]
Security:	CVE-2019-1000019 [1], CVE-2019-1000020 [2]
MFC after:	2 weeks
2019-02-12 23:24:45 +00:00
Martin Matuska
276f481d65 MFV r340865:
Sync libarchive with vendor.

Relevant vendor changes:
  PR #1080: Spelling fixes
  PR #1084: RAR5 reader bugfixes
  PR #1091: fix use-after-free in delayed newc link processing
  PR #1092: Fix a few obvious resource leaks and strcpy() misuses

MFC after:	1 week
2018-11-24 01:25:45 +00:00
Martin Matuska
b1c91e4b6c MFV r339640,339641,339644:
Sync libarchive with vendor

Relevant vendor changes:
  PR #1013: Add missing h_base offset when performing absolute seeks in
            xar decompression
  PR #1061: Add support for extraction of RAR v5 archives
  PR #1066: Fix out of bounds read on empty string filename for gnutar, pax
            and v7tar
  PR #1067: Fix temporary file path buffer overflow in tests
  IS #1068: Correctly process and verify integer arguments passed to
            bsdcpio and bsdtar
  PR #1070: Don't default XAR entry atime/mtime to the current time

MFC after:	1 month
2018-10-25 21:44:17 +00:00
Martin Matuska
a7bc28227e MFV r338519:
Update libarchive to 3.3.3

As all important changes have already been merged from libarchive git
this is just version number bump, documentation update and some
polishing for cpio tests. Other source code changes are not relevant to
FreeBSD.

Approved by:	re (gjb)
MFC after:	1 week
2018-09-11 20:51:34 +00:00
Martin Matuska
f1951fd745 MFV r336851:
Update vendor/libarchive/dist to git 2c8c83b9731ff822fad6cc8c670ea5519c366a14

Important vendor changes:
  PR #993: Chdir to -C directory for metalog processing
  OSS-Fuzz #4969: Check size of the extended time field in zip archives
  PR #973: Record informational compression level in gzip header

MFC after:	1 week
2018-07-29 00:12:16 +00:00
Martin Matuska
5c831a5bd6 MFV r324145,324147:
Sync libarchive with vendor.

Relevant vendor changes:
  PR #905: Support for Zstandard read and write filters
  PR #922: Avoid overflow when reading corrupt cpio archive
  Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166)
  OSS-Fuzz 2936: Place a limit on the mtree line length
  OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough
  OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502)

MFC after:	1 week
Security:	CVE-2017-14166, CVE-2017-14502
2017-10-01 00:40:23 +00:00
Enji Cooper
9596f60f16 cpio/tests/test_option_lz4: fix a use after free in the failure case
This change will be upstreamed to the libarchive project.

MFC after:	6 days
MFC with:	r317782
Reported by:	Coverity
Sponsored by:	Dell EMC Isilon
2017-05-11 08:22:01 +00:00
Martin Matuska
a8fc61d51a MFV r317781:
Sync libarchive with vendor

Vendor changes (FreeBSD-related):
  PR 897: add test for ZIP archives with invalid EOCD headers
  PR 901: fix invalid renaming of sparse files
  OSS-Fuzz issue 497: remove fallback tree in LZX decoder
  OSS-Fuzz issue 527: rewrite expressions in lz4 filter
  OSS-Fuzz issue 577: fix integer overflow in cpio reader
  OSS-Fuzz issue 862: fix numerc parsing in mtree reader
  OSS-Fuzz issue 1097: fix undefined shift in rar reader
  cpio: various optimizations and memory leak fixes

MFC after:	1 week
2017-05-04 00:04:17 +00:00
Martin Matuska
4657548d18 MFV r315633, 315635:
Sync libarchive with vendor

Vendor changes/bugfixes (FreeBSD-related):
  PR 867 (bsdcpio): show numeric uid/gid when names are not found
  PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers
  PR 880 (pax): Fix handling of "size" pax header keyword
  PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream
  OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser
  Break ACL read/write code into platform-specific source files
  Unbreak static dependency on libbz2

MFC after:	1 week
2017-03-20 13:02:27 +00:00
Martin Matuska
642870485c MFV r314565,314567,314570:
Update libarchive to version 3.3.1 (and sync with latest vendor dist)

Notable vendor changes:
  PR #501: improvements in ACL path handling
  PR #724: fix hang when reading malformed cpio files
  PR #864: fix out of bounds read with malformed GNU tar archives
  Documentation, style, test suite improvements and typo fixes.

New options to bsdtar that enable or disable reading and/or writing of:
  Access Control Lists (--acls, --no-acls)
  Extended file flags (--fflags, --no-fflags)
  Extended attributes (--xattrs, --no-xattrs)
  Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata)

MFC after:	2 weeks
2017-03-02 22:59:35 +00:00
Martin Matuska
09c253fd1b MFV r310798:
Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c
PR #851: Spelling fixes
Fix two protoypes in manual page archive_read_disk.3

MFC after:	2 weeks
2016-12-30 22:54:08 +00:00
Martin Matuska
7105995c64 MFV r310622:
Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR 846: Spelling fixes
PR 850: Fix issues with reading certain jar files
OSS-Fuzz 286: Bugfix in archive_strncat_l()
2016-12-27 01:10:28 +00:00
Martin Matuska
6a414569b3 MFV r310115,310184:
Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR 830, 831, 833: Spelling fixes
OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free()
OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives

MFC after:	1 week
2016-12-17 02:07:08 +00:00
Enji Cooper
63ecfce853 Merge changes from vendor to address several Coverity issues with
contrib/libarchive's tests

MFC after:	2 weeks
Obtained from:	libarchive (ebe29c, fd0ea2, f9e3de)
Reported by:	Coverity
2016-12-12 02:21:56 +00:00
Martin Matuska
a2e802b76b MFV r309587:
Sync libarchive with vendor.

Vendor bugfixes:

libarchive #831:
  Spelling fixes
libarchive #832:
  Relax sanity checks of number fields in tar header even more
OSS-Fuzz #16:
  Fix possible hang in uudecode_filter_read()
OSS-Fuzz #220:
  Reject an 'ar' filename table larger than 1GB or a filename larger
  than 1MB.

MFC after:	1 week
2016-12-06 01:35:27 +00:00
Martin Matuska
98b53e14eb MFV r307859:
Update libarchive to 3.2.2
2016-10-24 14:08:05 +00:00
Martin Matuska
2a21e8bd77 MFV r307214:
Sync libarchive with vendor. Style and tests fixes.

Important vendor bugfixes (relevant to FreeBSD):
#801: FreeBSD Coverity report: resource leak in libarchive/tar/test/main.c

MFC after:	1 week
2016-10-13 11:40:34 +00:00
Martin Matuska
f3e9b21a7a MFV r306669:
Sync libarchive with vendor including security fixes.

Important vendor bugfixes (relevant to FreeBSD):
#747: Out of bounds read in mtree parser
#761: heap-based buffer overflow in read_Header (7-zip)
#784: Invalid file on bsdtar command line results in internal errors (1)

PR:		213092 (1)
MFC after:	1 week
2016-10-04 11:56:46 +00:00
Martin Matuska
cfa49a9b0b MFV r304060:
Sync libarchive with vendor including three security fixes

Vendor issues fixed:

Issue #744: Very long pathnames evade symlink checks
Issue #748: libarchive can compress, but cannot decompress zip some files
PR #750: ustar: fix out of bounds read on empty string ("") filename
PR #755: fix use of acl_get_flagset_np() on FreeBSD

MFC after:	3 days
2016-08-14 09:26:10 +00:00
Martin Matuska
f061a2215f MFV r302003,r302037,r302038,r302056:
Update libarchive to 3.2.1 (bugfix and security fix release)

List of vendor fixes:
- fix exploitable heap overflow vulnerability in Rar decompression
  (vendor issue 719, CVE-2016-4302, TALOS-2016-0154)
- fix exploitable stack based buffer overflow vulnebarility in mtree
  parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153)
- fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo
  (vendor issue 718, CVE-2016-4300, TALOS-2016-152)
- fix integer overflow when computing location of volume descriptor
  (vendor issue 717)
- fix buffer overflow when reading a crafred rar archive (vendor issue 521)
- fix possible buffer overflow when reading ISO9660 archives on machines
  where sizeof(int) < sizeof(size_t) (vendor issue 711)
- tar and cpio should fail if an input file named on the command line is
  missing (vendor issue 708)
- fix incorrect writing of gnutar filenames that are exactly 512 bytes
  long (vendor issue 682)
- allow tests to be run from paths that are equal or longer than 128
  characters (vendor issue 657)
- add memory allocation errors in archive_entry_xattr.c (vendor PR 603)
- remove dead code in archive_entry_xattr_add_entry() (vendor PR 716)
- fix broken decryption of ZIP files (vendor issue 553)
- manpage style, typo and description fixes

Post-3.2.1 vendor fixes:
- fix typo in cpio version reporting (Vendor PR 725, 726)
- fix argument range of ctype functions in libarchive_fe/passphrase.c
- fix ctype use and avoid empty loop bodies in WARC reader

MFC after:	1 week
Security:	CVE-2016-4300, CVE-2016-4301, CVE-2016-4302
Approved by:	re (kib)
2016-06-22 07:49:59 +00:00
Martin Matuska
c38ff13d6a Revert r299576 and MFV r299895:
Revert r299576:
Fix broken cpio behavior.

MFV r299895:
Update to vendor git commit 860ec63.

MFC after:	3 weeks (together with libarchive 3.2.0)
Fix broken cpio behavior in pass-through mode with vendor code.
2016-05-16 05:01:44 +00:00
Martin Matuska
ec0bb2035e Fix broken cpio behavior.
Suggested upstream as PR #704.

MFC:	1 month (together with libarchive 3.2.0)
2016-05-12 22:51:04 +00:00
Martin Matuska
cdf63a700c MFV r299425:
Update libarchive to 3.2.0

New features:
- new bsdcat command-line utility
- LZ4 compression (in src only via external utility from ports)
- Warc format support
- 'Raw' format writer
- Zip: Support archives >4GB, entries >4GB
- Zip: Support encrypting and decrypting entries
- Zip: Support experimental streaming extension
- Identify encrypted entries in several formats
- New --clear-nochange-flags option to bsdtar tries to remove noschg and
  similar flags before deleting files
- New --ignore-zeros option to bsdtar to handle concatenated tar archives
- Use multi-threaded LZMA decompression if liblzma supports it
- Expose version info for libraries used by libarchive

Patched files (fixed compiler warnings):

contrib/libarchive/cat/bsdcat.c (vendor PR #702)
contrib/libarchive/cat/bsdcat.h (vendor PR #702)
contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701)
contrib/libarchive/libarchive_fe/err.c (vendor PR #703)

MFC after:	1 month
Relnotes:	yes
2016-05-12 10:16:16 +00:00
Dimitry Andric
fdaadf20c4 Fix the following -Werror warning from clang 3.5.0, while building
usr.bin/cpio on amd64 (or any arch with 64-bit time_t):

contrib/libarchive/cpio/cpio.c:1143:6: error: absolute value function 'abs' given an argument of type 'long' but has parameter of type 'int' which may cause truncation of value [-Werror,-Wabsolute-value]
        if (abs(mtime - now) > (365/2)*86400)
            ^
contrib/libarchive/cpio/cpio.c:1143:6: note: use function 'labs' instead
        if (abs(mtime - now) > (365/2)*86400)
            ^~~
            labs
1 error generated.

This is because time_t is a long on amd64. To avoid the warning, just
copy the equivalent test from a few lines before, which is used in the
Windows case, and which is type safe.

Reviewed by:	emaste
MFC after:	3 days
Differential Revision: https://reviews.freebsd.org/D1198
2014-11-22 12:10:09 +00:00
Martin Matuska
acc60b03c1 MFV r248590,248594:
Update libarchive to 3.1.2

Some of new features:
  - support for lrzip and grzip compression
  - support for writing tar v7 format
  - b64encode and uuencode filters
  - support for __MACOSX directory in Zip archives
  - support for lzop compresion (external utility)
2013-03-22 13:36:03 +00:00
Martin Matuska
fd082e96c4 Update libarchive to 3.0.4 2012-07-28 06:38:44 +00:00
Martin Matuska
6c95142e79 Update libarchive to 3.0.3
Some of new features:
  - New readers: RAR, LHA/LZH, CAB reader, 7-Zip
  - New writers: ISO9660, XAR
  - Improvements to many formats, especially including ISO9660 and Zip
  - Stackable write filters to write, e.g., tar.gz.uu in a single pass
  - Exploit seekable input; new "seekable" Zip reader can exploit the Zip
    Central Directory when it's available; the old "streamable" Zip reader
    is still fully supported for cases where seeking is not possible.

Full release notes available at:
	https://github.com/libarchive/libarchive/wiki/ReleaseNotes
2012-02-25 10:58:02 +00:00
Martin Matuska
584ad8fd32 Merge FreeBSD changes from usr.bin/cpio to contrib/libarchive/cpio:
r204111 (uqs):
Fix common misspelling of hierarchy

r211054 (kientzle);
Fix -R when used with -p.  Previously, the
uname and gname weren't overwritten, so the
disk restore would use those to lookup the
original uid/gid again.  Clearing the uname
and gname prevents this.

r212263 (gjb):
Fix typo in bsdcpio manual:
s/libarchive_formats/libarchive-formats

MFC after:	2 weeks
2011-12-21 15:33:13 +00:00
Martin Matuska
6151a4093b Remove config_freebsd.h and add to FREEBSD-Xlist
This file is common for libarchive, cpio and tar and is going to be located
outside of contrib (lib/libarchive)
2011-12-21 12:59:09 +00:00
Martin Matuska
76c1e34f2e Strip unnecessary files and directories from contrib/libarchive
according to FREEBSD-Xlist

MFC after:	2 weeks
2011-12-21 11:18:49 +00:00
Martin Matuska
6c22d9efb7 Set svn:keywords to FreeBSD=%H for contrib/libarchive
MFC after:	2 weeks
2011-12-21 11:13:29 +00:00
Martin Matuska
caf54c4f6c Copy libarchive from vendor branch to contrib
MFC after:	2 weeks
2011-12-21 11:09:24 +00:00