Commit Graph

98 Commits

Author SHA1 Message Date
mm
43068e555d MFV r357783:
Update libarchive to 3.4.2

Relevant vendor changes:
  PR #1289: atomic extraction support (bsdtar -x --safe-writes)
  PR #1308: big endian fix for UTF16 support in LHA reader
  PR #1326: reject RAR5 files that declare invalid header flags
  Issue #987: fix support 7z archive entries with Delta filter
  Issue #1317: fix compression output buffer handling in XAR writer
  Issue #1319: fix uname or gname longer than 32 characters in pax writer
  Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR
  Use localtime_r() and gmtime_r() instead of localtime() and gmtime()

X-MFC-With:	r356212,r356365,r356416
MFC after:	1 week
2020-02-12 00:16:56 +00:00
mm
94205e0192 MFV r356415
Sync libarchive with vendor

Relevant vendor changes:
  Issue #1302: Re-do fix for archive_write_client_open()

X-MFC-With:	r356212,r356365
MFC after:	1 week
2020-01-06 13:21:10 +00:00
mm
88b06a9b61 MFV r356365:
Sync libarchive with vendor

Relevant vendor changes:
  Issue #1302: Plug memory leak on failure of archive_write_client_open()
2020-01-05 01:42:21 +00:00
mm
4f7cda91cc MFV r356163,r356197:
Update libarchive to 3.4.1

Relevant vendor changes since last update:
  Issue #351: Refactor and implement private state logic for write filters
  PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482)
  PR #1255: zip writer - don't append unused NUL for directories
  PR #1260: Fix sparse file offset overflow on 32-bit systems
  PR #1263: UNICODE filename support for reading lha/lzh format
  Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs()
  PR #1288: Add the "xattrhdr" option to pax write options
  PR #1295: 7z reader - fix reading archives with digests in PackInfo
  PR #1296: RAR5 reader - verify window size for multivolume archives
  PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files
  Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs()
  OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error
  Fix possible off-by-one when dealing with readlink(2)

MFC after:	2 weeks
2019-12-31 00:05:06 +00:00
mm
953cb1dbcf MFV r352731:
Sync libarchive with vendor.

Relevant vendor changes:
  Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c
  PR #1249: Correct some typographical and grammatical errors.
  PR #1250: Minor corrections to the formatting of manual pages

MFC after:	1 week
2019-09-26 01:50:20 +00:00
mm
e585e3e5b2 MFV r349454:
Sync libarchive with vendor.

Relevant vendor changes:
  PR #1217: RAR5 reader - fix ARM filter going beyond window buffer boundary
            (OSS-Fuzz 15431)
  PR #1218: Fixes to sparse file handling

MFC after:	1 week
2019-06-28 22:41:17 +00:00
mm
10dc8d0dd7 MFV r349134:
Sync libarchive with vendor.

Relevant vendor changes:
  PR #1212: RAR5 reader - window_mask was not updated correctly
            (OSS-Fuzz 15278)
  OSS-Fuzz 15120: RAR reader - extend use after free bugfix

MFC after:	1 week (together with r348993)
2019-06-17 11:46:37 +00:00
mm
7d947d63ea MFV r348971,r348977:
Sync libarchive with vendor.

Relevant vendor changes:
  - check_symlinks_fsobj() without chdir() and fchdir()
  - bsdtar.1 manpage fixes
  - patches from OpenBSD to libarchive_fe/passphrase.c
  - version bumped to 3.4.0

MFC after:	2 weeks
2019-06-12 13:34:12 +00:00
mm
404308eb8d MFV r347989:
Sync libarchive with vendor.

Relevant vendor changes:
  Issue #795: XAR - do not try to add xattrs without an allocated name
  PR #812: non-recursive option for extract and list
  PR #958: support reading metadata from compressed files
  PR #999: add --exclude-vcs option to bsdtar
  Issue #1062: treat empty archives with a GNU volume header as valid
  PR #1074: Handle ZIP files with trailing 0s in the extra fields
            (Android APK archives)
  PR #1109: Ignore padding in Zip extra field data (Android APK archives)
  PR #1167: fix problems related to unreadable directories
  Issue #1168: fix handling of strtol() and strtoul()
  PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter
  PR #1174: ZIP reader - fix of MSZIP signature parsing
  PR #1175: gzip filter - fix reading files larger than 4GB from memory
  PR #1177: gzip filter - fix memory leak with repeated header reads
  PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field
  PR #1181: RAR5 - fix merge_block() recursion
            (OSS-Fuzz 12999, 13029, 13144, 13478, 13490)
  PR #1183: fix memory leak when decompressing ZIP files with LZMA
  PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817
    OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables
    OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations
    OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables
  PR #1186: RAR5 - fix invalid type used for dictionary size mask
            (OSS-Fuzz 14537)
  PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555)
  PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories
            (OSS-Fuzz 14574)
  PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds
  OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry
  OSS-Fuzz 14331: RAR5 - fix maximum owner name length
  OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check

  Additional RAR5 reader changes:
    - support symlinks, hardlinks, file owner, file group, versioned files
    - change ARCHIVE_FORMAT_RAR_V5 to 0x100000
    - set correct mode for readonly directories
    - support readonly, hidden and system Windows file attributes

MFC after:	2 weeks
2019-05-20 12:57:39 +00:00
mm
436a3173ae MFV r345495:
Sync libarchive with vendor.

Relevant vendor changes:
  PR #1153: fixed 2 bugs in ZIP reader [1]
  PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK
  Changes to file flags code, support more file flags on FreeBSD:
    UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM
    UF_ARCHIVE is not supported by intention (yet)

PR:		236300
MFC after:	2 weeks
2019-03-25 11:49:57 +00:00
mm
56382b432d MFV r344088 (libarchive):
archive_read_disk_posix.c: initialize delayed_errno

MFC after:	2 weeks
2019-02-13 07:37:33 +00:00
mm
874cd8bc90 MFV r344063:
Sync libarchive with vendor.

Relevant vendor changes:
  PR #1085: Fix a null pointer dereference bug in zip writer
  PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2
            decopmpression
  PR #1116: Add support for 64-bit ar format
  PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2]
  PR #1125: RAR5 reader - fix an invalid read and a memory leak
  PR #1131: POSIX reader - do not fail when tree_current_lstat() fails
            due to ENOENT [3]
  PR #1134: Delete unnecessary null pointer checks before calls of free()
  OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy.
  OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader

PR:		233006 [3]
Security:	CVE-2019-1000019 [1], CVE-2019-1000020 [2]
MFC after:	2 weeks
2019-02-12 23:24:45 +00:00
mm
426936ff22 MFV r341771,342040,342041:
Sync libarchive with vendor.

Relevant vendor changes:
  PR #1102: RAR5 reader - fix big-endian problems
  PR #1105: Fix various crash, memory corruption and infinite loop conditions
  PR #1107: RAR5 reader: removed an unused function: bf_is_last_block

MFC after:	1 week
2018-12-13 11:18:45 +00:00
mm
c4065f2d8a MFV r340938:
Sync libarchive with vendor.

Relevant vendor changes:
  Issue #1096: Support extracting ACLs with in-entry comments (GNU tar)
  PR #1023: Support extracting extattrs as non-root on non-user-writeable
            files

MFC after:	1 week
2018-11-26 11:04:35 +00:00
mm
8a8c94dcfc MFV r340865:
Sync libarchive with vendor.

Relevant vendor changes:
  PR #1080: Spelling fixes
  PR #1084: RAR5 reader bugfixes
  PR #1091: fix use-after-free in delayed newc link processing
  PR #1092: Fix a few obvious resource leaks and strcpy() misuses

MFC after:	1 week
2018-11-24 01:25:45 +00:00
mm
d8509c4de3 MFV r339792:
Sync libarchive with vendor.

Relevant vendor changes:
  RAR5 reader: more maybe-uninitialized size_t fixes for riscv64
               FreeBSD build

MFC after:	1 month
2018-10-26 21:17:50 +00:00
mm
9b1e8e87ea MFV r339750:
Sync libarchive with vendor.

Relevant vendor changes:
  RAR5 reader: FreeBSD build platform fixes for powerpc(64), mips(64),
               sparc64 and riscv64

MFC after:	1 month
2018-10-25 23:13:19 +00:00
mm
77e97bb7ad MFV r339640,339641,339644:
Sync libarchive with vendor

Relevant vendor changes:
  PR #1013: Add missing h_base offset when performing absolute seeks in
            xar decompression
  PR #1061: Add support for extraction of RAR v5 archives
  PR #1066: Fix out of bounds read on empty string filename for gnutar, pax
            and v7tar
  PR #1067: Fix temporary file path buffer overflow in tests
  IS #1068: Correctly process and verify integer arguments passed to
            bsdcpio and bsdtar
  PR #1070: Don't default XAR entry atime/mtime to the current time

MFC after:	1 month
2018-10-25 21:44:17 +00:00
mm
09a45c7c47 MFV r338797:
Sync libarchive with vendor.

Relevant vendor changes:
  PR #1019: Add allocation check for the zip_entry struct
  Oss-Fuzz #10192: Handle whitespace-only ACL fields correctly

Approved by:	re (kib)
MFC after:	1 week
2018-09-20 11:44:36 +00:00
mm
afd649d275 MFV r338519:
Update libarchive to 3.3.3

As all important changes have already been merged from libarchive git
this is just version number bump, documentation update and some
polishing for cpio tests. Other source code changes are not relevant to
FreeBSD.

Approved by:	re (gjb)
MFC after:	1 week
2018-09-11 20:51:34 +00:00
mm
d7f6156007 MFV r337744:
Sync libarchive with vendor..

Vendor changes:
  PR #1042: validate iso9660 directory record length

MFC after:	3 days
Security:	CVE-2017-14501
2018-08-14 11:42:32 +00:00
mm
48569dc7bd MFV r336851:
Update vendor/libarchive/dist to git 2c8c83b9731ff822fad6cc8c670ea5519c366a14

Important vendor changes:
  PR #993: Chdir to -C directory for metalog processing
  OSS-Fuzz #4969: Check size of the extended time field in zip archives
  PR #973: Record informational compression level in gzip header

MFC after:	1 week
2018-07-29 00:12:16 +00:00
cem
500d1d31a2 MFV r336800: libarchive: Cherry-pick upstream 2c8c83b9
Relevant vendor changes:
  Fix issue #948: out-of-bounds read in lha_read_data_none()

admbugs:	877
MFC after:	3 days
Security:	CVE-2017-14503
2018-07-28 00:59:59 +00:00
mm
45410cb9f8 MFV r328323,328324:
Sync libarchive with vendor.

Relevant vendor changes:
  PR #893: delete dead ppmd7 alloc callbacks
  PR #904: Fix archive freeing bug in bsdcat
  PR #961: Fix ZIP format names
  PR #962: Don't modify attributes for existing directories
           when ARCHIVE_EXTRACT_NO_OVERWRITE is set
  PR #964: Fix -Werror=implicit-fallthrough= for GCC 7
  PR #970: zip: Allow backslash as path separator

MFC after:	1 week
2018-01-24 14:24:17 +00:00
mm
b2f0376b45 MFV r324145,324147:
Sync libarchive with vendor.

Relevant vendor changes:
  PR #905: Support for Zstandard read and write filters
  PR #922: Avoid overflow when reading corrupt cpio archive
  Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166)
  OSS-Fuzz 2936: Place a limit on the mtree line length
  OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough
  OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502)

MFC after:	1 week
Security:	CVE-2017-14166, CVE-2017-14502
2017-10-01 00:40:23 +00:00
mm
293e0ea4cb MFV r321673:
Sync libarchive with vendor.

Relevant vendor changes:
  PR #926: ensure ar strtab is null terminated

MFC after:	1 week
2017-07-28 23:56:07 +00:00
mm
10b648ba1d Fix libarchive mismerge of r320927 in libarchive_entry.h
MFC after:	1 week
X-MFC-with:	320927
Reported by:	Ngie Cooper <ngie@FreeBSD.org>
2017-07-13 04:46:00 +00:00
mm
5e90911210 Fix libarchive mismerge of r320927
MFC after:	1 week
X-MFC-with:	320927
Reported by:	Ngie Cooper <ngie@FreeBSD.org>
2017-07-13 04:42:29 +00:00
mm
430f32b033 MFV r320924:
Bump libarchive to 3.3.2

Vendor changes:
  PR #901: don't depend on stdin in a testcase

MFC after:	1 week
2017-07-13 00:28:36 +00:00
ngie
092aec6972 cpio/tests/test_option_lz4: fix a use after free in the failure case
This change will be upstreamed to the libarchive project.

MFC after:	6 days
MFC with:	r317782
Reported by:	Coverity
Sponsored by:	Dell EMC Isilon
2017-05-11 08:22:01 +00:00
mm
73f895d1f8 MFV r317781:
Sync libarchive with vendor

Vendor changes (FreeBSD-related):
  PR 897: add test for ZIP archives with invalid EOCD headers
  PR 901: fix invalid renaming of sparse files
  OSS-Fuzz issue 497: remove fallback tree in LZX decoder
  OSS-Fuzz issue 527: rewrite expressions in lz4 filter
  OSS-Fuzz issue 577: fix integer overflow in cpio reader
  OSS-Fuzz issue 862: fix numerc parsing in mtree reader
  OSS-Fuzz issue 1097: fix undefined shift in rar reader
  cpio: various optimizations and memory leak fixes

MFC after:	1 week
2017-05-04 00:04:17 +00:00
mm
90e4f01f08 MFV r316454,316455:
Vendor changes (FreeBSD-related):
  Report which extended attributes could not be restored
  Update archive_read_disk.3 and archive_write_disk.3 manual pages
  Plug memory leaks in xattr tests.

MFC after:	1 week
2017-04-03 12:26:20 +00:00
mm
6865a62f40 MFV r316083,316094:
Sync libarchive with vendor

Vendor changes (FreeBSD-related):
- constify variables in several places
- unify platform ACL code in a single source file
- fix unused variable if compiling on FreeBSD without NFSv4 ACL support

MFC after:	3 days
X-MFC-with:	315636, 315876
2017-03-28 10:39:17 +00:00
mm
5fb73187c4 MFV r315875:
Sync libarchive with vendor.

Vendor changes (FreeBSD-related):
- store extended attributes with extattr_set_link() if no fd is provided
- add extended attribute tests to libarchive and bsdtar
- fix tar's test_option_acls
- support the UF_HIDDEN file flag

X-MFC with:	315636
2017-03-24 00:02:12 +00:00
mm
db10b50bcd MFV r315633, 315635:
Sync libarchive with vendor

Vendor changes/bugfixes (FreeBSD-related):
  PR 867 (bsdcpio): show numeric uid/gid when names are not found
  PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers
  PR 880 (pax): Fix handling of "size" pax header keyword
  PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream
  OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser
  Break ACL read/write code into platform-specific source files
  Unbreak static dependency on libbz2

MFC after:	1 week
2017-03-20 13:02:27 +00:00
mm
e42e0ff9b1 MFV r314565,314567,314570:
Update libarchive to version 3.3.1 (and sync with latest vendor dist)

Notable vendor changes:
  PR #501: improvements in ACL path handling
  PR #724: fix hang when reading malformed cpio files
  PR #864: fix out of bounds read with malformed GNU tar archives
  Documentation, style, test suite improvements and typo fixes.

New options to bsdtar that enable or disable reading and/or writing of:
  Access Control Lists (--acls, --no-acls)
  Extended file flags (--fflags, --no-fflags)
  Extended attributes (--xattrs, --no-xattrs)
  Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata)

MFC after:	2 weeks
2017-03-02 22:59:35 +00:00
imp
7e6cabd06e Renumber copyright clause 4
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by:	Jan Schaumann <jschauma@stevens.edu>
Pull Request:	https://github.com/freebsd/freebsd/pull/96
2017-02-28 23:42:47 +00:00
mm
bde1425228 MFV r313781:
Sync libarchive with vendor

Vendor changes:
Make SCHILY.acl.ace header more compact (NFSv4 ACLs)

Vendor bugfixes:
zip reader integer parsing fix (OSS-Fuzz 556)
spelling fixes (issue #863)
2017-02-15 20:17:55 +00:00
mm
29c9badfdc MFV r313569:313569:313569:
Sync libarchive with vendor

Vendor bugfixes:
cpio reader sanity fix (OSS-Fuzz 504)
WARC reader sanity fixes (OSS-Fuzz 511, 526, 532, 552)
mtree reader time parsing fix (OSS-Fuzz 538)
XAR reader memleak fix (OSS-Fuzz 551)

MFC after:	1 week
2017-02-11 01:00:58 +00:00
mm
359e87e77a MFV r313071:
Sync libarchive with vendor

Vendor changes (relevant to FreeBSD):
- support extracting NFSv4 ACLs from Solaris tar archives
- bugfixes and optimizations in the ACL code
- multiple fixes in the test suite
- typo and other small bugfixes

Security fixes:
- cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335)
- LHA reader: heap-buffer-overflow in lha_read_file_header_1()
  (CVE-2017-5601)
- LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream()
  (OSS-Fuzz 453)
- mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443)
- WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458)

Memory leak fixes:
- ACL support: free memory allocated by acl_get_qualifier()
- disk writer: missing free in create_filesystem_object()
- file reader: fd leak (Coverity 1016755)
- gnutar writer: fix free in archive_write_gnutar_header()
  (Coverity 101675)
- iso 9660 reader: missing free in parse_file_info()
  (partial Coverity 1016754)
- program reader: missing free in __archive_read_program()
- program writer: missing free in __archive_write_program_free()
- xar reader: missing free in xar_cleanup()
- xar reader: missing frees in expat_xmlattr_setup()
  (Coverity 1229979-1229981)
- xar writer: missing free in file_free()
- zip reader: missing free in zip_read_local_file_header()

MFC after:	1 week
X-MFC with:	310866, 310868, 310870, 311899
2017-02-02 00:50:46 +00:00
mm
26c7b0b494 MFV r311899:
Sync libarchive with vendor.

Vendor bugfixes:
#691: Support for SCHILY.xattr extended attributes
#854: Spelling fixes

Multiple fixes in ACL code:
  - prefer acl_set_fd_np() to acl_set_fd()
  - if acl_set_fd_np() fails, do no fallback to acl_set_file()
  - do not warn if trying to write ACLs to a filesystem without ACL support
  - fix id handling in archive_acl_(from_to)_text*() for NFSv4 ACLs

MFC after:	1 week
X-MFC with:	r310866
2017-01-10 21:59:35 +00:00
mm
94655e777d MFV r310869:
Sync libarchive with vendor.

Vendor bugfixes:
Use __LA_DEPRECATED macro with functions deprecated in 379867e (r310796)

MFC after:	2 weeks
X-MFC with:	r310866
2016-12-30 23:05:06 +00:00
mm
1f036f8ac2 MFV r310798:
Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c
PR #851: Spelling fixes
Fix two protoypes in manual page archive_read_disk.3

MFC after:	2 weeks
2016-12-30 22:54:08 +00:00
mm
dd5f92d308 MFV r310796, r310797:
Sync libarchive with vendor.

Vendor changes (relevant to FreeBSD):
PR #771: Add NFSv4 ACL support to pax and restricted pax

NFSv4 ACL information may now be stored to and restored from tar archives.
ACL must be non-trivial and supported by the underlying filesystem, e.g.
natively by ZFS or by UFS with the NFSv4 ACL enable flag set.

MFC after:	2 weeks
Relnotes:	yes
2016-12-30 22:18:22 +00:00
mm
5e2d367430 MFV r310622:
Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR 846: Spelling fixes
PR 850: Fix issues with reading certain jar files
OSS-Fuzz 286: Bugfix in archive_strncat_l()
2016-12-27 01:10:28 +00:00
mm
8752f49015 MFV r310115,310184:
Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR 830, 831, 833: Spelling fixes
OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free()
OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives

MFC after:	1 week
2016-12-17 02:07:08 +00:00
ngie
d68a9833c6 Merge changes from vendor to address several Coverity issues with
contrib/libarchive's tests

MFC after:	2 weeks
Obtained from:	libarchive (ebe29c, fd0ea2, f9e3de)
Reported by:	Coverity
2016-12-12 02:21:56 +00:00
mm
a010944f5a MFV r309587:
Sync libarchive with vendor.

Vendor bugfixes:

libarchive #831:
  Spelling fixes
libarchive #832:
  Relax sanity checks of number fields in tar header even more
OSS-Fuzz #16:
  Fix possible hang in uudecode_filter_read()
OSS-Fuzz #220:
  Reject an 'ar' filename table larger than 1GB or a filename larger
  than 1MB.

MFC after:	1 week
2016-12-06 01:35:27 +00:00
mm
46f0955edf Relax sanity check of number fields in tar header even more.
This fixes reading tar archives created by older versions of
plexus-archiver (used by maven-assembly-plugin) that fill uid and gid
fields with spaces (PLXCOMP-233).

Vendor issue:
https://github.com/libarchive/libarchive/issues/832

Reported by:	Antoine Brodin <antoine@freebsd.org>
MFC after:	1 week
2016-12-04 02:58:13 +00:00
mm
8bdc681e61 MFV r309403:
Sync libarchive with vendor.

Vendor bugfixes:
Fix for heap-buffer-overflow in archive_le16dec()
Fix for heap-buffer-overflow in uudecode_bidder_bid()
Reworked fix for compatibility with archives created by Perl Archive::Tar

MFC after:	1 week
2016-12-02 09:30:13 +00:00