Commit Graph

28 Commits

Author SHA1 Message Date
mm
48569dc7bd MFV r336851:
Update vendor/libarchive/dist to git 2c8c83b9731ff822fad6cc8c670ea5519c366a14

Important vendor changes:
  PR #993: Chdir to -C directory for metalog processing
  OSS-Fuzz #4969: Check size of the extended time field in zip archives
  PR #973: Record informational compression level in gzip header

MFC after:	1 week
2018-07-29 00:12:16 +00:00
mm
b2f0376b45 MFV r324145,324147:
Sync libarchive with vendor.

Relevant vendor changes:
  PR #905: Support for Zstandard read and write filters
  PR #922: Avoid overflow when reading corrupt cpio archive
  Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166)
  OSS-Fuzz 2936: Place a limit on the mtree line length
  OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough
  OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502)

MFC after:	1 week
Security:	CVE-2017-14166, CVE-2017-14502
2017-10-01 00:40:23 +00:00
ngie
092aec6972 cpio/tests/test_option_lz4: fix a use after free in the failure case
This change will be upstreamed to the libarchive project.

MFC after:	6 days
MFC with:	r317782
Reported by:	Coverity
Sponsored by:	Dell EMC Isilon
2017-05-11 08:22:01 +00:00
mm
73f895d1f8 MFV r317781:
Sync libarchive with vendor

Vendor changes (FreeBSD-related):
  PR 897: add test for ZIP archives with invalid EOCD headers
  PR 901: fix invalid renaming of sparse files
  OSS-Fuzz issue 497: remove fallback tree in LZX decoder
  OSS-Fuzz issue 527: rewrite expressions in lz4 filter
  OSS-Fuzz issue 577: fix integer overflow in cpio reader
  OSS-Fuzz issue 862: fix numerc parsing in mtree reader
  OSS-Fuzz issue 1097: fix undefined shift in rar reader
  cpio: various optimizations and memory leak fixes

MFC after:	1 week
2017-05-04 00:04:17 +00:00
mm
db10b50bcd MFV r315633, 315635:
Sync libarchive with vendor

Vendor changes/bugfixes (FreeBSD-related):
  PR 867 (bsdcpio): show numeric uid/gid when names are not found
  PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers
  PR 880 (pax): Fix handling of "size" pax header keyword
  PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream
  OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser
  Break ACL read/write code into platform-specific source files
  Unbreak static dependency on libbz2

MFC after:	1 week
2017-03-20 13:02:27 +00:00
mm
e42e0ff9b1 MFV r314565,314567,314570:
Update libarchive to version 3.3.1 (and sync with latest vendor dist)

Notable vendor changes:
  PR #501: improvements in ACL path handling
  PR #724: fix hang when reading malformed cpio files
  PR #864: fix out of bounds read with malformed GNU tar archives
  Documentation, style, test suite improvements and typo fixes.

New options to bsdtar that enable or disable reading and/or writing of:
  Access Control Lists (--acls, --no-acls)
  Extended file flags (--fflags, --no-fflags)
  Extended attributes (--xattrs, --no-xattrs)
  Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata)

MFC after:	2 weeks
2017-03-02 22:59:35 +00:00
mm
1f036f8ac2 MFV r310798:
Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c
PR #851: Spelling fixes
Fix two protoypes in manual page archive_read_disk.3

MFC after:	2 weeks
2016-12-30 22:54:08 +00:00
mm
5e2d367430 MFV r310622:
Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR 846: Spelling fixes
PR 850: Fix issues with reading certain jar files
OSS-Fuzz 286: Bugfix in archive_strncat_l()
2016-12-27 01:10:28 +00:00
mm
8752f49015 MFV r310115,310184:
Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR 830, 831, 833: Spelling fixes
OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free()
OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives

MFC after:	1 week
2016-12-17 02:07:08 +00:00
ngie
d68a9833c6 Merge changes from vendor to address several Coverity issues with
contrib/libarchive's tests

MFC after:	2 weeks
Obtained from:	libarchive (ebe29c, fd0ea2, f9e3de)
Reported by:	Coverity
2016-12-12 02:21:56 +00:00
mm
a010944f5a MFV r309587:
Sync libarchive with vendor.

Vendor bugfixes:

libarchive #831:
  Spelling fixes
libarchive #832:
  Relax sanity checks of number fields in tar header even more
OSS-Fuzz #16:
  Fix possible hang in uudecode_filter_read()
OSS-Fuzz #220:
  Reject an 'ar' filename table larger than 1GB or a filename larger
  than 1MB.

MFC after:	1 week
2016-12-06 01:35:27 +00:00
mm
7fe6ca699f MFV r307859:
Update libarchive to 3.2.2
2016-10-24 14:08:05 +00:00
mm
288028aac3 MFV r307214:
Sync libarchive with vendor. Style and tests fixes.

Important vendor bugfixes (relevant to FreeBSD):
#801: FreeBSD Coverity report: resource leak in libarchive/tar/test/main.c

MFC after:	1 week
2016-10-13 11:40:34 +00:00
mm
5913b201c3 MFV r306669:
Sync libarchive with vendor including security fixes.

Important vendor bugfixes (relevant to FreeBSD):
#747: Out of bounds read in mtree parser
#761: heap-based buffer overflow in read_Header (7-zip)
#784: Invalid file on bsdtar command line results in internal errors (1)

PR:		213092 (1)
MFC after:	1 week
2016-10-04 11:56:46 +00:00
mm
bd971a53c8 MFV r304060:
Sync libarchive with vendor including three security fixes

Vendor issues fixed:

Issue #744: Very long pathnames evade symlink checks
Issue #748: libarchive can compress, but cannot decompress zip some files
PR #750: ustar: fix out of bounds read on empty string ("") filename
PR #755: fix use of acl_get_flagset_np() on FreeBSD

MFC after:	3 days
2016-08-14 09:26:10 +00:00
mm
fbcd396bf9 MFV r302003,r302037,r302038,r302056:
Update libarchive to 3.2.1 (bugfix and security fix release)

List of vendor fixes:
- fix exploitable heap overflow vulnerability in Rar decompression
  (vendor issue 719, CVE-2016-4302, TALOS-2016-0154)
- fix exploitable stack based buffer overflow vulnebarility in mtree
  parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153)
- fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo
  (vendor issue 718, CVE-2016-4300, TALOS-2016-152)
- fix integer overflow when computing location of volume descriptor
  (vendor issue 717)
- fix buffer overflow when reading a crafred rar archive (vendor issue 521)
- fix possible buffer overflow when reading ISO9660 archives on machines
  where sizeof(int) < sizeof(size_t) (vendor issue 711)
- tar and cpio should fail if an input file named on the command line is
  missing (vendor issue 708)
- fix incorrect writing of gnutar filenames that are exactly 512 bytes
  long (vendor issue 682)
- allow tests to be run from paths that are equal or longer than 128
  characters (vendor issue 657)
- add memory allocation errors in archive_entry_xattr.c (vendor PR 603)
- remove dead code in archive_entry_xattr_add_entry() (vendor PR 716)
- fix broken decryption of ZIP files (vendor issue 553)
- manpage style, typo and description fixes

Post-3.2.1 vendor fixes:
- fix typo in cpio version reporting (Vendor PR 725, 726)
- fix argument range of ctype functions in libarchive_fe/passphrase.c
- fix ctype use and avoid empty loop bodies in WARC reader

MFC after:	1 week
Security:	CVE-2016-4300, CVE-2016-4301, CVE-2016-4302
Approved by:	re (kib)
2016-06-22 07:49:59 +00:00
mm
52a2d07be7 Revert r299576 and MFV r299895:
Revert r299576:
Fix broken cpio behavior.

MFV r299895:
Update to vendor git commit 860ec63.

MFC after:	3 weeks (together with libarchive 3.2.0)
Fix broken cpio behavior in pass-through mode with vendor code.
> Description of fields to fill in above:                     76 columns --|
> PR:                       If and which Problem Report is related.
> Submitted by:             If someone else sent in the change.
> Reported by:              If someone else reported the issue.
> Reviewed by:              If someone else reviewed your modification.
> Approved by:              If you needed approval for this commit.
> Obtained from:            If the change is from a third party.
> MFC after:                N [day[s]|week[s]|month[s]].  Request a reminder email.
> MFH:                      Ports tree branch name.  Request approval for merge.
> Relnotes:                 Set to 'yes' for mention in release notes.
> Security:                 Vulnerability reference (one per line) or description.
> Sponsored by:             If the change was sponsored by an organization.
> Differential Revision:    https://reviews.freebsd.org/D### (*full* phabric URL needed).
> Empty fields above will be automatically removed.

_M   libarchive
_M   libarchive/cpio
M    libarchive/cpio/bsdcpio.1
M    libarchive/cpio/cpio.c
_M   libarchive/libarchive
M    libarchive/libarchive/archive_read_support_format_cpio.c
2016-05-16 05:01:44 +00:00
mm
b47968a7ae Fix broken cpio behavior.
Suggested upstream as PR #704.

MFC:	1 month (together with libarchive 3.2.0)
2016-05-12 22:51:04 +00:00
mm
38e8840f40 MFV r299425:
Update libarchive to 3.2.0

New features:
- new bsdcat command-line utility
- LZ4 compression (in src only via external utility from ports)
- Warc format support
- 'Raw' format writer
- Zip: Support archives >4GB, entries >4GB
- Zip: Support encrypting and decrypting entries
- Zip: Support experimental streaming extension
- Identify encrypted entries in several formats
- New --clear-nochange-flags option to bsdtar tries to remove noschg and
  similar flags before deleting files
- New --ignore-zeros option to bsdtar to handle concatenated tar archives
- Use multi-threaded LZMA decompression if liblzma supports it
- Expose version info for libraries used by libarchive

Patched files (fixed compiler warnings):

contrib/libarchive/cat/bsdcat.c (vendor PR #702)
contrib/libarchive/cat/bsdcat.h (vendor PR #702)
contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701)
contrib/libarchive/libarchive_fe/err.c (vendor PR #703)

MFC after:	1 month
Relnotes:	yes
2016-05-12 10:16:16 +00:00
dim
f3c5cded78 Fix the following -Werror warning from clang 3.5.0, while building
usr.bin/cpio on amd64 (or any arch with 64-bit time_t):

contrib/libarchive/cpio/cpio.c:1143:6: error: absolute value function 'abs' given an argument of type 'long' but has parameter of type 'int' which may cause truncation of value [-Werror,-Wabsolute-value]
        if (abs(mtime - now) > (365/2)*86400)
            ^
contrib/libarchive/cpio/cpio.c:1143:6: note: use function 'labs' instead
        if (abs(mtime - now) > (365/2)*86400)
            ^~~
            labs
1 error generated.

This is because time_t is a long on amd64. To avoid the warning, just
copy the equivalent test from a few lines before, which is used in the
Windows case, and which is type safe.

Reviewed by:	emaste
MFC after:	3 days
Differential Revision: https://reviews.freebsd.org/D1198
2014-11-22 12:10:09 +00:00
mm
5ee0a7b76c MFV r248590,248594:
Update libarchive to 3.1.2

Some of new features:
  - support for lrzip and grzip compression
  - support for writing tar v7 format
  - b64encode and uuencode filters
  - support for __MACOSX directory in Zip archives
  - support for lzop compresion (external utility)
2013-03-22 13:36:03 +00:00
mm
11bb7fcf7b Update libarchive to 3.0.4 2012-07-28 06:38:44 +00:00
mm
6132589d7b Update libarchive to 3.0.3
Some of new features:
  - New readers: RAR, LHA/LZH, CAB reader, 7-Zip
  - New writers: ISO9660, XAR
  - Improvements to many formats, especially including ISO9660 and Zip
  - Stackable write filters to write, e.g., tar.gz.uu in a single pass
  - Exploit seekable input; new "seekable" Zip reader can exploit the Zip
    Central Directory when it's available; the old "streamable" Zip reader
    is still fully supported for cases where seeking is not possible.

Full release notes available at:
	https://github.com/libarchive/libarchive/wiki/ReleaseNotes
2012-02-25 10:58:02 +00:00
mm
ddda7a7681 Merge FreeBSD changes from usr.bin/cpio to contrib/libarchive/cpio:
r204111 (uqs):
Fix common misspelling of hierarchy

r211054 (kientzle);
Fix -R when used with -p.  Previously, the
uname and gname weren't overwritten, so the
disk restore would use those to lookup the
original uid/gid again.  Clearing the uname
and gname prevents this.

r212263 (gjb):
Fix typo in bsdcpio manual:
s/libarchive_formats/libarchive-formats

MFC after:	2 weeks
2011-12-21 15:33:13 +00:00
mm
b9f719b20e Remove config_freebsd.h and add to FREEBSD-Xlist
This file is common for libarchive, cpio and tar and is going to be located
outside of contrib (lib/libarchive)
2011-12-21 12:59:09 +00:00
mm
89ab30c75f Strip unnecessary files and directories from contrib/libarchive
according to FREEBSD-Xlist

MFC after:	2 weeks
2011-12-21 11:18:49 +00:00
mm
5fa2c01e28 Set svn:keywords to FreeBSD=%H for contrib/libarchive
MFC after:	2 weeks
2011-12-21 11:13:29 +00:00
mm
33c445c76a Copy libarchive from vendor branch to contrib
MFC after:	2 weeks
2011-12-21 11:09:24 +00:00