MFC r368207,368607: MFC r368207: Update libarchive to 3.5.0 Relevant vendor changes: Issue #1258: add archive_read_support_filter_by_code() PR #1347: mtree digest reader support Issue #1381: skip hardlinks pointing to itself on extraction PR #1387: fix writing of cpio archives with hardlinks without file type PR #1388: fix rdev field in cpio format for device nodes PR #1389: completed support for UTF-8 encoding conversion PR #1405: more formats in archive_read_support_format_by_code() PR #1408: fix uninitialized size in rar5_read_data PR #1409: system extended attribute support PR #1435: support for decompression of symbolic links in zipx archives Issue #1456: memory leak after unsuccessful archive_write_open_filename MFC r368607: Sync libarchive with vendor. Vendor changes: Issue #1461: Unbreak build without lzma Issue #1462: warc reader: Fix build with gcc11 Issue #1463: Fix code compatibility in test_archive_read_support.c Issue #1464: Use built-in strnlen on platforms where not available Issue #1465: warc reader: fix undefined behaviour in deconst() function git-svn-id: svn://svn.freebsd.org/base/stable/10@368708 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
MFC r361294: Update libarchive to 3.4.3 Relevant vendor changes: PR #1352: support negative zstd compression levels PR #1359: improve zstd version checking PR #1348: support RHT.security.selinux from GNU tar PR #1357: support for archives compressed with pzstd PR #1367: fix issues in acl tests PR #1372: child handling cleanup PR #1378: fix memory leak from passphrase callback git-svn-id: svn://svn.freebsd.org/base/stable/10@362134 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
MFC r358533: Sync libarchive with vendor. Relevant vendor changes: Issue #1257: Add testcase for ZIPX files with LZMA_STREAM_END marker PR #1331: cpio.5: fix hard link description Issue #1335: archive_read.c: fix UBSan warning about undefined behavior Issue #1338: XAR reader: fix UBSan warning about undefined behavior Issue #1339: bsdcpio_test: fix datatype in from_hex() Issue #1341: Safe writes: delete temporary file if rename fails. Issue #1341: Safe writes: improve error handling git-svn-id: svn://svn.freebsd.org/base/stable/10@358927 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
MFC r356212,r356366,r356416,r357785 Update libarchive to version 3.4.2 Relevant vendor changes (r356212): Issue #351: Refactor and implement private state logic for write filters PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482) PR #1255: zip writer - don't append unused NUL for directories PR #1260: Fix sparse file offset overflow on 32-bit systems PR #1263: UNICODE filename support for reading lha/lzh format Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs() PR #1288: Add the "xattrhdr" option to pax write options PR #1295: 7z reader - fix reading archives with digests in PackInfo PR #1296: RAR5 reader - verify window size for multivolume archives PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs() OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error Fix possible off-by-one when dealing with readlink(2) Relevant vendor changes (r356366): Issue #1302: Plug memory leak on failure of archive_write_client_open() Relevant vendor changes (r356416): Issue #1302: Re-do fix for archive_write_client_open() Relevant vendor changes (r357785): PR #1289: atomic extraction support (bsdtar -x --safe-writes) PR #1308: big endian fix for UTF16 support in LHA reader PR #1326: reject RAR5 files that declare invalid header flags Issue #987: fix support 7z archive entries with Delta filter Issue #1317: fix compression output buffer handling in XAR writer Issue #1319: fix uname or gname longer than 32 characters in pax writer Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR Use localtime_r() and gmtime_r() instead of localtime() and gmtime() git-svn-id: svn://svn.freebsd.org/base/stable/10@358090 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
MFC r316456,352732: Sync libarchive with vendor. MFC r316456: Vendor changes (FreeBSD-related): Report which extended attributes could not be restored Update archive_read_disk.3 and archive_write_disk.3 manual pages Plug memory leaks in xattr tests. MFC r352732: Relevant vendor changes: Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c PR #1249: Correct some typographical and grammatical errors. PR #1250: Minor corrections to the formatting of manual pages git-svn-id: svn://svn.freebsd.org/base/stable/10@353377 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
MFC r349527,349538: Sync libarchive with vendor. Relevant vendor changes: PR #1217: RAR5 reader - fix ARM filter going beyond window buffer boundary (OSS-Fuzz 15431) PR #1218: Fixes to sparse file handling git-svn-id: svn://svn.freebsd.org/base/stable/10@349901 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
MFC r348993,349135: Sync libarchive with vendor including security fixes r348993: - version bumped to 3.4.0 - check_symlinks_fsobj() without chdir() and fchdir() - bsdtar.1 manpage fixes - patches from OpenBSD to libarchive_fe/passphrase.c r349135: PR #1212: RAR5 reader - window_mask was not updated correctly (OSS-Fuzz 15278) OSS-Fuzz 15120: RAR reader - extend use after free bugfix git-svn-id: svn://svn.freebsd.org/base/stable/10@349525 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
MFC r347990: Sync libarchive with vendor. Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes MFC r347999: Install missing data file for lib.libarchive.functional_test.test_read_format_zip_utf8_paths git-svn-id: svn://svn.freebsd.org/base/stable/10@348608 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
MFC r345497: Sync libarchive with vendor. Relevant vendor changes: PR #1153: fixed 2 bugs in ZIP reader [1] PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK Changes to file flags code, support more file flags on FreeBSD: UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM UF_ARCHIVE is not supported by intention (yet) PR: 236300 [1] git-svn-id: svn://svn.freebsd.org/base/stable/10@346105 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
MFC r344063,r344088: MFC r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader MFC r344088: archive_read_disk_posix.c: initialize delayed_errno PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] git-svn-id: svn://svn.freebsd.org/base/stable/10@344674 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
MFC r339746,339751,339794,340866,340939,342042: Sync libarchive with vendor. Relevant vendor changes: PR #1013: Add missing h_base offset when performing absolute seeks in xar decompression PR #1023: Support extracting extattrs as non-root on non-user-writeable files PR #1061: Add support for extraction of RAR v5 archives PR #1066: Fix out of bounds read on empty string filename for gnutar, pax and v7tar PR #1067: Fix temporary file path buffer overflow in tests IS #1068: Correctly process and verify integer arguments passed to bsdcpio and bsdtar PR #1070: Don't default XAR entry atime/mtime to the current time PR #1080: Spelling fixes PR #1084: RAR5 reader bugfixes PR #1091: fix use-after-free in delayed newc link processing PR #1092: Fix a few obvious resource leaks and strcpy() misuses IS #1096: Support extracting ACLs with in-entry comments (GNU tar) PR #1102: RAR5 reader - fix big-endian problems PR #1105: Fix various crash, memory corruption and infinite loop conditions RAR5 reader: FreeBSD build platform fixes for powerpc(64), mips(64), sparc64 and riscv64 RAR5 reader: more maybe-uninitialized size_t fixes for riscv64 FreeBSD build git-svn-id: svn://svn.freebsd.org/base/stable/10@342361 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
MFC r338827: Sync libarchive with vendor. Relevant vendor changes: PR #1019: Add allocation check for the zip_entry struct Oss-Fuzz #10192: Handle whitespace-only ACL fields correctly git-svn-id: svn://svn.freebsd.org/base/stable/10@339006 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
MFC r338600: Update libarchive to 3.3.3 As all important changes have already been merged from libarchive git this is just a version number bump, documentation update and some polishing for cpio tests. Other source code changes are not relevant to FreeBSD. Relnotes: yes git-svn-id: svn://svn.freebsd.org/base/stable/10@338796 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
MFH r337745: Sync libarchive with vendor.. Vendor changes: PR #1042: validate iso9660 directory record length MFC after: 3 days Security: CVE-2017-14501 git-svn-id: svn://svn.freebsd.org/base/stable/10@338034 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
MFH r336801,r336854: MFH r336801 (cem): Cherry-pick upstream 2c8c83b9 Relevant vendor changes: Fix issue #948: out-of-bounds read in lha_read_data_none() MFH r336854: Sync libarchive with vendor. Important vendor changes: PR #993: Chdir to -C directory for metalog processing OSS-Fuzz #4969: Check size of the extended time field in zip archives PR #973: Record informational compression level in gzip header amdbugs: 877 Security: CVE-2017-14503 git-svn-id: svn://svn.freebsd.org/base/stable/10@337352 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
MFH r328332: Sync libarchive with vendor. Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names PR #962: Don't modify attributes for existing directories when ARCHIVE_EXTRACT_NO_OVERWRITE is set PR #964: Fix -Werror=implicit-fallthrough= for GCC 7 PR #970: zip: Allow backslash as path separator git-svn-id: svn://svn.freebsd.org/base/stable/10@328828 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
MFH r324148: Sync libarchive with vendor. Relevant vendor changes: PR #905: Support for Zstandard read and write filters PR #922: Avoid overflow when reading corrupt cpio archive Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166) OSS-Fuzz 2936: Place a limit on the mtree line length OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502) Security: CVE-2017-14166, CVE-2017-14502 git-svn-id: svn://svn.freebsd.org/base/stable/10@324418 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
MFH r321674: Sync libarchive with vendor. Relevant vendor changes: PR #926: ensure ar strtab is null terminated PR: 220462 git-svn-id: svn://svn.freebsd.org/base/stable/10@322072 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
MFC r320927,320931,320932: Bump libarchive to 3.3.2 Vendor changes: PR #901: don't depend on stdin in a testcase Relnotes: yes git-svn-id: svn://svn.freebsd.org/base/stable/10@321304 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
MFC r317782,318181: MFC r317782 (mm): Sync libarchive with vendor Vendor changes (FreeBSD-related): PR 897: add test for ZIP archives with invalid EOCD headers PR 901: fix invalid renaming of sparse files OSS-Fuzz issue 497: remove fallback tree in LZX decoder OSS-Fuzz issue 527: rewrite expressions in lz4 filter OSS-Fuzz issue 577: fix integer overflow in cpio reader OSS-Fuzz issue 862: fix numerc parsing in mtree reader OSS-Fuzz issue 1097: fix undefined shift in rar reader cpio: various optimizations and memory leak fixes MFC r318181 (ngie) (2): cpio/tests/test_option_lz4: fix a use after free in the failure case Reported by: Coverity (2) Sponsored by: Dell EMC Isilon (2) git-svn-id: svn://svn.freebsd.org/base/stable/10@318483 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f