Commit Graph

74 Commits

Author SHA1 Message Date
mm
b2f0376b45 MFV r324145,324147:
Sync libarchive with vendor.

Relevant vendor changes:
  PR #905: Support for Zstandard read and write filters
  PR #922: Avoid overflow when reading corrupt cpio archive
  Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166)
  OSS-Fuzz 2936: Place a limit on the mtree line length
  OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough
  OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502)

MFC after:	1 week
Security:	CVE-2017-14166, CVE-2017-14502
2017-10-01 00:40:23 +00:00
mm
293e0ea4cb MFV r321673:
Sync libarchive with vendor.

Relevant vendor changes:
  PR #926: ensure ar strtab is null terminated

MFC after:	1 week
2017-07-28 23:56:07 +00:00
mm
10b648ba1d Fix libarchive mismerge of r320927 in libarchive_entry.h
MFC after:	1 week
X-MFC-with:	320927
Reported by:	Ngie Cooper <ngie@FreeBSD.org>
2017-07-13 04:46:00 +00:00
mm
5e90911210 Fix libarchive mismerge of r320927
MFC after:	1 week
X-MFC-with:	320927
Reported by:	Ngie Cooper <ngie@FreeBSD.org>
2017-07-13 04:42:29 +00:00
mm
430f32b033 MFV r320924:
Bump libarchive to 3.3.2

Vendor changes:
  PR #901: don't depend on stdin in a testcase

MFC after:	1 week
2017-07-13 00:28:36 +00:00
ngie
092aec6972 cpio/tests/test_option_lz4: fix a use after free in the failure case
This change will be upstreamed to the libarchive project.

MFC after:	6 days
MFC with:	r317782
Reported by:	Coverity
Sponsored by:	Dell EMC Isilon
2017-05-11 08:22:01 +00:00
mm
73f895d1f8 MFV r317781:
Sync libarchive with vendor

Vendor changes (FreeBSD-related):
  PR 897: add test for ZIP archives with invalid EOCD headers
  PR 901: fix invalid renaming of sparse files
  OSS-Fuzz issue 497: remove fallback tree in LZX decoder
  OSS-Fuzz issue 527: rewrite expressions in lz4 filter
  OSS-Fuzz issue 577: fix integer overflow in cpio reader
  OSS-Fuzz issue 862: fix numerc parsing in mtree reader
  OSS-Fuzz issue 1097: fix undefined shift in rar reader
  cpio: various optimizations and memory leak fixes

MFC after:	1 week
2017-05-04 00:04:17 +00:00
mm
90e4f01f08 MFV r316454,316455:
Vendor changes (FreeBSD-related):
  Report which extended attributes could not be restored
  Update archive_read_disk.3 and archive_write_disk.3 manual pages
  Plug memory leaks in xattr tests.

MFC after:	1 week
2017-04-03 12:26:20 +00:00
mm
6865a62f40 MFV r316083,316094:
Sync libarchive with vendor

Vendor changes (FreeBSD-related):
- constify variables in several places
- unify platform ACL code in a single source file
- fix unused variable if compiling on FreeBSD without NFSv4 ACL support

MFC after:	3 days
X-MFC-with:	315636, 315876
2017-03-28 10:39:17 +00:00
mm
5fb73187c4 MFV r315875:
Sync libarchive with vendor.

Vendor changes (FreeBSD-related):
- store extended attributes with extattr_set_link() if no fd is provided
- add extended attribute tests to libarchive and bsdtar
- fix tar's test_option_acls
- support the UF_HIDDEN file flag

X-MFC with:	315636
2017-03-24 00:02:12 +00:00
mm
db10b50bcd MFV r315633, 315635:
Sync libarchive with vendor

Vendor changes/bugfixes (FreeBSD-related):
  PR 867 (bsdcpio): show numeric uid/gid when names are not found
  PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers
  PR 880 (pax): Fix handling of "size" pax header keyword
  PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream
  OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser
  Break ACL read/write code into platform-specific source files
  Unbreak static dependency on libbz2

MFC after:	1 week
2017-03-20 13:02:27 +00:00
mm
e42e0ff9b1 MFV r314565,314567,314570:
Update libarchive to version 3.3.1 (and sync with latest vendor dist)

Notable vendor changes:
  PR #501: improvements in ACL path handling
  PR #724: fix hang when reading malformed cpio files
  PR #864: fix out of bounds read with malformed GNU tar archives
  Documentation, style, test suite improvements and typo fixes.

New options to bsdtar that enable or disable reading and/or writing of:
  Access Control Lists (--acls, --no-acls)
  Extended file flags (--fflags, --no-fflags)
  Extended attributes (--xattrs, --no-xattrs)
  Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata)

MFC after:	2 weeks
2017-03-02 22:59:35 +00:00
imp
7e6cabd06e Renumber copyright clause 4
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by:	Jan Schaumann <jschauma@stevens.edu>
Pull Request:	https://github.com/freebsd/freebsd/pull/96
2017-02-28 23:42:47 +00:00
mm
bde1425228 MFV r313781:
Sync libarchive with vendor

Vendor changes:
Make SCHILY.acl.ace header more compact (NFSv4 ACLs)

Vendor bugfixes:
zip reader integer parsing fix (OSS-Fuzz 556)
spelling fixes (issue #863)
2017-02-15 20:17:55 +00:00
mm
29c9badfdc MFV r313569:313569:313569:
Sync libarchive with vendor

Vendor bugfixes:
cpio reader sanity fix (OSS-Fuzz 504)
WARC reader sanity fixes (OSS-Fuzz 511, 526, 532, 552)
mtree reader time parsing fix (OSS-Fuzz 538)
XAR reader memleak fix (OSS-Fuzz 551)

MFC after:	1 week
2017-02-11 01:00:58 +00:00
mm
359e87e77a MFV r313071:
Sync libarchive with vendor

Vendor changes (relevant to FreeBSD):
- support extracting NFSv4 ACLs from Solaris tar archives
- bugfixes and optimizations in the ACL code
- multiple fixes in the test suite
- typo and other small bugfixes

Security fixes:
- cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335)
- LHA reader: heap-buffer-overflow in lha_read_file_header_1()
  (CVE-2017-5601)
- LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream()
  (OSS-Fuzz 453)
- mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443)
- WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458)

Memory leak fixes:
- ACL support: free memory allocated by acl_get_qualifier()
- disk writer: missing free in create_filesystem_object()
- file reader: fd leak (Coverity 1016755)
- gnutar writer: fix free in archive_write_gnutar_header()
  (Coverity 101675)
- iso 9660 reader: missing free in parse_file_info()
  (partial Coverity 1016754)
- program reader: missing free in __archive_read_program()
- program writer: missing free in __archive_write_program_free()
- xar reader: missing free in xar_cleanup()
- xar reader: missing frees in expat_xmlattr_setup()
  (Coverity 1229979-1229981)
- xar writer: missing free in file_free()
- zip reader: missing free in zip_read_local_file_header()

MFC after:	1 week
X-MFC with:	310866, 310868, 310870, 311899
2017-02-02 00:50:46 +00:00
mm
26c7b0b494 MFV r311899:
Sync libarchive with vendor.

Vendor bugfixes:
#691: Support for SCHILY.xattr extended attributes
#854: Spelling fixes

Multiple fixes in ACL code:
  - prefer acl_set_fd_np() to acl_set_fd()
  - if acl_set_fd_np() fails, do no fallback to acl_set_file()
  - do not warn if trying to write ACLs to a filesystem without ACL support
  - fix id handling in archive_acl_(from_to)_text*() for NFSv4 ACLs

MFC after:	1 week
X-MFC with:	r310866
2017-01-10 21:59:35 +00:00
mm
94655e777d MFV r310869:
Sync libarchive with vendor.

Vendor bugfixes:
Use __LA_DEPRECATED macro with functions deprecated in 379867e (r310796)

MFC after:	2 weeks
X-MFC with:	r310866
2016-12-30 23:05:06 +00:00
mm
1f036f8ac2 MFV r310798:
Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c
PR #851: Spelling fixes
Fix two protoypes in manual page archive_read_disk.3

MFC after:	2 weeks
2016-12-30 22:54:08 +00:00
mm
dd5f92d308 MFV r310796, r310797:
Sync libarchive with vendor.

Vendor changes (relevant to FreeBSD):
PR #771: Add NFSv4 ACL support to pax and restricted pax

NFSv4 ACL information may now be stored to and restored from tar archives.
ACL must be non-trivial and supported by the underlying filesystem, e.g.
natively by ZFS or by UFS with the NFSv4 ACL enable flag set.

MFC after:	2 weeks
Relnotes:	yes
2016-12-30 22:18:22 +00:00
mm
5e2d367430 MFV r310622:
Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR 846: Spelling fixes
PR 850: Fix issues with reading certain jar files
OSS-Fuzz 286: Bugfix in archive_strncat_l()
2016-12-27 01:10:28 +00:00
mm
8752f49015 MFV r310115,310184:
Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR 830, 831, 833: Spelling fixes
OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free()
OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives

MFC after:	1 week
2016-12-17 02:07:08 +00:00
ngie
d68a9833c6 Merge changes from vendor to address several Coverity issues with
contrib/libarchive's tests

MFC after:	2 weeks
Obtained from:	libarchive (ebe29c, fd0ea2, f9e3de)
Reported by:	Coverity
2016-12-12 02:21:56 +00:00
mm
a010944f5a MFV r309587:
Sync libarchive with vendor.

Vendor bugfixes:

libarchive #831:
  Spelling fixes
libarchive #832:
  Relax sanity checks of number fields in tar header even more
OSS-Fuzz #16:
  Fix possible hang in uudecode_filter_read()
OSS-Fuzz #220:
  Reject an 'ar' filename table larger than 1GB or a filename larger
  than 1MB.

MFC after:	1 week
2016-12-06 01:35:27 +00:00
mm
46f0955edf Relax sanity check of number fields in tar header even more.
This fixes reading tar archives created by older versions of
plexus-archiver (used by maven-assembly-plugin) that fill uid and gid
fields with spaces (PLXCOMP-233).

Vendor issue:
https://github.com/libarchive/libarchive/issues/832

Reported by:	Antoine Brodin <antoine@freebsd.org>
MFC after:	1 week
2016-12-04 02:58:13 +00:00
mm
8bdc681e61 MFV r309403:
Sync libarchive with vendor.

Vendor bugfixes:
Fix for heap-buffer-overflow in archive_le16dec()
Fix for heap-buffer-overflow in uudecode_bidder_bid()
Reworked fix for compatibility with archives created by Perl Archive::Tar

MFC after:	1 week
2016-12-02 09:30:13 +00:00
mm
b40a10d36b MFC r309362:
Sync libarchive with vendor.
Small improvements, style fixes, bugfixes.
Restores compatibility with tar archives created with Perl Archive::Tar (1)

MFC after:	1 week
Reported by:	Matthew Seaman <matthew@freebsd.org> (1)
2016-12-01 15:46:26 +00:00
mm
cf9b3d8c3e MFV r309299:
Sync libarchive with vendor.

Important vendor bugfixes (relevant to FreeBSD):
#821: tar -P cannot extract hardlinks through symlinks
#825: Add sanity check of tar "uid, "gid" and "mtime" fields

PR:		213255
Reported by:	Tijl Coosemans <tilj@FreeBSD.org>
MFC after:	1 week
2016-11-29 22:14:42 +00:00
mm
7fe6ca699f MFV r307859:
Update libarchive to 3.2.2
2016-10-24 14:08:05 +00:00
mm
288028aac3 MFV r307214:
Sync libarchive with vendor. Style and tests fixes.

Important vendor bugfixes (relevant to FreeBSD):
#801: FreeBSD Coverity report: resource leak in libarchive/tar/test/main.c

MFC after:	1 week
2016-10-13 11:40:34 +00:00
mm
5913b201c3 MFV r306669:
Sync libarchive with vendor including security fixes.

Important vendor bugfixes (relevant to FreeBSD):
#747: Out of bounds read in mtree parser
#761: heap-based buffer overflow in read_Header (7-zip)
#784: Invalid file on bsdtar command line results in internal errors (1)

PR:		213092 (1)
MFC after:	1 week
2016-10-04 11:56:46 +00:00
mm
dfb2179f22 MFV r305816:
Sync libarchive with vendor including important security fixes.

Issues fixed (FreeBSD):
PR #778: ACL error handling
Issue #745: Symlink check prefix optimization is too aggressive
Issue #746: Hard links with data can evade sandboxing restrictions

This update fixes the vulnerability #3 and vulnerability #4 as reported in
"non-cryptanalytic attacks against FreeBSD update components".
https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f

Fix for vulnerability #2 has already been merged in r304989.

MFC after:	1 week
Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
2016-09-14 21:15:01 +00:00
mm
bf0faca8b0 MFV r305420:
Sync libarchive with vendor

Vendor issues fixed:
PR #777: Multiple bugfixes for setup_acls()

This includes a bugfix for a bug that caused ACLs not to be read properly
for files and directories inside subdirectories and as a result not being
stored or being incorrectly stored in tar archives.

MFC after:	3 days
2016-09-05 15:40:41 +00:00
mm
47ae52f4d6 Redo MFV r304866:
Sync libarchive with vendor including security fixes

Vendor issues fixed:
Issue #731: Reject tar entries >= INT64_MAX
Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames
Issue #748: Zip decompression failure with highly-compressed data
Issue #767: Buffer overflow printing a filename
Issue #770: Zip read: be more careful about extra_length

MFC after:	3 days
2016-08-29 06:54:38 +00:00
mm
380aa06a5f Revert r304869
This commit was incorrect and will be re-committed asap.
2016-08-29 06:50:45 +00:00
mm
8c8fc43e8a MFV r304866:
Sync libarchive with vendor including security fixes

Vendor issues fixed:
Issue #731: Reject tar entries >= INT64_MAX
Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames
Issue #748: Zip decompression failure with highly-compressed data
Issue #767: Buffer overflow printing a filename
Issue #770: Zip read: be more careful about extra_length

MFC after:	3 days
2016-08-26 23:50:44 +00:00
mm
bd971a53c8 MFV r304060:
Sync libarchive with vendor including three security fixes

Vendor issues fixed:

Issue #744: Very long pathnames evade symlink checks
Issue #748: libarchive can compress, but cannot decompress zip some files
PR #750: ustar: fix out of bounds read on empty string ("") filename
PR #755: fix use of acl_get_flagset_np() on FreeBSD

MFC after:	3 days
2016-08-14 09:26:10 +00:00
mm
d19e109faf MFV r302264:
Sync libarchive with vendor, bugfixes for tests:
- fix tests on filesystems without birthtime support, e.g. UFS1 (1)
- vendor issue #729: avoid use of C99 for-scope declarations in
  test_write_format_gnutar_filenames.c

MFC after:	1 week
PR:		204157 (1)
Approved by:	re (hrs)
2016-06-30 08:51:50 +00:00
mm
fbcd396bf9 MFV r302003,r302037,r302038,r302056:
Update libarchive to 3.2.1 (bugfix and security fix release)

List of vendor fixes:
- fix exploitable heap overflow vulnerability in Rar decompression
  (vendor issue 719, CVE-2016-4302, TALOS-2016-0154)
- fix exploitable stack based buffer overflow vulnebarility in mtree
  parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153)
- fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo
  (vendor issue 718, CVE-2016-4300, TALOS-2016-152)
- fix integer overflow when computing location of volume descriptor
  (vendor issue 717)
- fix buffer overflow when reading a crafred rar archive (vendor issue 521)
- fix possible buffer overflow when reading ISO9660 archives on machines
  where sizeof(int) < sizeof(size_t) (vendor issue 711)
- tar and cpio should fail if an input file named on the command line is
  missing (vendor issue 708)
- fix incorrect writing of gnutar filenames that are exactly 512 bytes
  long (vendor issue 682)
- allow tests to be run from paths that are equal or longer than 128
  characters (vendor issue 657)
- add memory allocation errors in archive_entry_xattr.c (vendor PR 603)
- remove dead code in archive_entry_xattr_add_entry() (vendor PR 716)
- fix broken decryption of ZIP files (vendor issue 553)
- manpage style, typo and description fixes

Post-3.2.1 vendor fixes:
- fix typo in cpio version reporting (Vendor PR 725, 726)
- fix argument range of ctype functions in libarchive_fe/passphrase.c
- fix ctype use and avoid empty loop bodies in WARC reader

MFC after:	1 week
Security:	CVE-2016-4300, CVE-2016-4301, CVE-2016-4302
Approved by:	re (kib)
2016-06-22 07:49:59 +00:00
mm
52a2d07be7 Revert r299576 and MFV r299895:
Revert r299576:
Fix broken cpio behavior.

MFV r299895:
Update to vendor git commit 860ec63.

MFC after:	3 weeks (together with libarchive 3.2.0)
Fix broken cpio behavior in pass-through mode with vendor code.
> Description of fields to fill in above:                     76 columns --|
> PR:                       If and which Problem Report is related.
> Submitted by:             If someone else sent in the change.
> Reported by:              If someone else reported the issue.
> Reviewed by:              If someone else reviewed your modification.
> Approved by:              If you needed approval for this commit.
> Obtained from:            If the change is from a third party.
> MFC after:                N [day[s]|week[s]|month[s]].  Request a reminder email.
> MFH:                      Ports tree branch name.  Request approval for merge.
> Relnotes:                 Set to 'yes' for mention in release notes.
> Security:                 Vulnerability reference (one per line) or description.
> Sponsored by:             If the change was sponsored by an organization.
> Differential Revision:    https://reviews.freebsd.org/D### (*full* phabric URL needed).
> Empty fields above will be automatically removed.

_M   libarchive
_M   libarchive/cpio
M    libarchive/cpio/bsdcpio.1
M    libarchive/cpio/cpio.c
_M   libarchive/libarchive
M    libarchive/libarchive/archive_read_support_format_cpio.c
2016-05-16 05:01:44 +00:00
mm
b47968a7ae Fix broken cpio behavior.
Suggested upstream as PR #704.

MFC:	1 month (together with libarchive 3.2.0)
2016-05-12 22:51:04 +00:00
mm
38e8840f40 MFV r299425:
Update libarchive to 3.2.0

New features:
- new bsdcat command-line utility
- LZ4 compression (in src only via external utility from ports)
- Warc format support
- 'Raw' format writer
- Zip: Support archives >4GB, entries >4GB
- Zip: Support encrypting and decrypting entries
- Zip: Support experimental streaming extension
- Identify encrypted entries in several formats
- New --clear-nochange-flags option to bsdtar tries to remove noschg and
  similar flags before deleting files
- New --ignore-zeros option to bsdtar to handle concatenated tar archives
- Use multi-threaded LZMA decompression if liblzma supports it
- Expose version info for libraries used by libarchive

Patched files (fixed compiler warnings):

contrib/libarchive/cat/bsdcat.c (vendor PR #702)
contrib/libarchive/cat/bsdcat.h (vendor PR #702)
contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701)
contrib/libarchive/libarchive_fe/err.c (vendor PR #703)

MFC after:	1 month
Relnotes:	yes
2016-05-12 10:16:16 +00:00
delphij
ed4a493581 MFV r295913:
Partially apply upstream changeset 6e06b1c8 (kientzle).

Limit filter recursion level to 25 (instead of infinite).  This fixes a
potential crash issue discovered by Alexander Cherepanov.

PR:		207362
Reported by:	Robert Clausecker
Obtained from:	libarchive github project
2016-02-23 07:13:22 +00:00
bdrewery
ca4793bcc9 MFV r285970:
Apply upstream changeset bf4f6ec64e:

  Fix issue 356: properly skip a sparse file entry in a tar file.

PR:		201506
MFC after:	3 days
Relnotes:	yes
2015-07-28 18:41:28 +00:00
delphij
7c3977ee20 MFV r282927,r282928,r282930 (kientzle):
Don't segfault when reading malformed cpio archives.

MFC after:	3 days
2015-05-14 22:35:26 +00:00
bdrewery
b845121fe0 Fix --one-file-system to include the directory encountered rather than
excluding it.  This was broken in 3.0.4 (r238856).

Obtained from:	https://github.com/libarchive/libarchive/commit/fa9e61
MFC after:	3 days
Sponsored by:	EMC / Isilon Storage Division
2015-03-31 00:00:47 +00:00
dim
f3c5cded78 Fix the following -Werror warning from clang 3.5.0, while building
usr.bin/cpio on amd64 (or any arch with 64-bit time_t):

contrib/libarchive/cpio/cpio.c:1143:6: error: absolute value function 'abs' given an argument of type 'long' but has parameter of type 'int' which may cause truncation of value [-Werror,-Wabsolute-value]
        if (abs(mtime - now) > (365/2)*86400)
            ^
contrib/libarchive/cpio/cpio.c:1143:6: note: use function 'labs' instead
        if (abs(mtime - now) > (365/2)*86400)
            ^~~
            labs
1 error generated.

This is because time_t is a long on amd64. To avoid the warning, just
copy the equivalent test from a few lines before, which is used in the
Windows case, and which is type safe.

Reviewed by:	emaste
MFC after:	3 days
Differential Revision: https://reviews.freebsd.org/D1198
2014-11-22 12:10:09 +00:00
ae
f2499d908c Remove leading '/' from hardlink name when removing them from the
regular file name. This fixes the problem, when bsdtar can not create
hardlinks to extracted files.

Silence from:	kientzle@
MFC after:	1 week
Sponsored by:	Yandex LLC
2014-08-26 13:11:38 +00:00
mdf
da578c6492 Fix return type of extattr_set_* and fix rmextattr(8) utility.
extattr_set_{fd,file,link} is logically a write(2)-like operation and
should return ssize_t, just like extattr_get_*.  Also, the user-space
utility was using an int for the return value of extattr_get_* and
extattr_list_*, both of which return an ssize_t.

MFC after:	1 week
2013-04-02 05:30:41 +00:00
mm
460d7eef6f Merge bugfix from vendor master branch:
Limit write requests to at most INT_MAX.
This prevents a certain common programming error (passing -1 to write)
from leading to other problems deeper in the library.

References:
https://github.com/libarchive/libarchive/commit/22531545514043e0

Reported by:	Xin Li <delphij@FreeBSD.org>
Obtained from:  libarchive (master branch)
2013-03-23 21:34:10 +00:00