2024-10-19 07:40:01 by Adam Ciarcinski | Files touched by this commit (362) | |
Log message:
libarchive: updated to 3.7.7
Libarchive 3.7.7 is a bugfix and security release
Security fixes:
gzip: prevent a hang when processing a malformed gzip inside a gzip
tar: don't crash on truncated tar archives
tar: fix two leaks in tar header parsing
Important bugfixes:
7-zip: read/write symlink paths as UTF-8
cpio: exit with an error code if an entry could not be extracted
rar5: report encrypted entries
tar: fix truncation of entry pathnames in specific archives
windows: fix ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS
Libarchive 3.7.6 is a bugfix and security release.
This release fixes a tar regression introduced in libarchive 3.7.5
Important bugfixes.
tar: clean up linkpath between entries
tar: fix memory leaks when processing symlinks or parsing pax headers
iso: be more cautious about parsing ISO-9660 timestamps
|
2024-10-19 07:28:44 by Adam Ciarcinski | Files touched by this commit (15) | |
Log message:
libarchove: import version 3.7.7
|
2024-09-15 09:02:22 by Adam Ciarcinski | Files touched by this commit (182) | |
Log message:
libarchive: updated to 3.7.5
Libarchive 3.7.5
Security fixes:
fix multiple vulnerabilities identified by SAST
cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing
lzop: prevent integer overflow
rar4: protect copy_from_lzss_window_to_unp()
rar4: fix CVE-2024-26256
rar4: fix OOB in delta and audio filter
rar4: fix out of boundary access with large files
rar4: add boundary checks to rgb filter
rar4: fix OOB access with unicode filenames
rar5: clear 'data ready' cache on window buffer reallocs
rpm: calculate huge header sizes correctly
unzip: unify EOF handling
util: fix out of boundary access in mktemp functions
uu: stop processing if lines are too long
Important bugfixes:
7zip: fix issue when skipping first file in 7zip archive that is a multiple of \
65536 bytes
ar: fix archive entries having no type
lha: do not allow negative file sizes
lha: fix integer truncation on 32-bit systems
shar: check strdup return value
rar5: don't try to read rediculously long names
xar: fix another infinite loop and expat error handling
many Windows fixes, cleanups and improvements
|
2024-09-15 08:46:23 by Adam Ciarcinski | Files touched by this commit (11) | |
Log message:
libarchive: imported version 3.7.5
Libarchive 3.7.5
Security fixes:
fix multiple vulnerabilities identified by SAST
cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing
lzop: prevent integer overflow
rar4: protect copy_from_lzss_window_to_unp()
rar4: fix CVE-2024-26256
rar4: fix OOB in delta and audio filter
rar4: fix out of boundary access with large files
rar4: add boundary checks to rgb filter
rar4: fix OOB access with unicode filenames
rar5: clear 'data ready' cache on window buffer reallocs
rpm: calculate huge header sizes correctly
unzip: unify EOF handling
util: fix out of boundary access in mktemp functions
uu: stop processing if lines are too long
Important bugfixes:
7zip: fix issue when skipping first file in 7zip archive that is a multiple of \
65536 bytes
ar: fix archive entries having no type
lha: do not allow negative file sizes
lha: fix integer truncation on 32-bit systems
shar: check strdup return value
rar5: don't try to read rediculously long names
xar: fix another infinite loop and expat error handling
many Windows fixes, cleanups and improvements
|
2024-05-03 19:14:58 by Jonathan Perkin | Files touched by this commit (1) |
Log message:
bsdtar: Include limits.h for INT_MAX.
|
2024-04-30 07:51:38 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
Libarchive 3.7.4 is a bugfix and security release
Security fixes:
rar: Fix OOB in rar e8 filter (CVE-2024-26256)
zip: Fix out of boundary access
Important bugfixes:
7zip: Limit amount of properties
bsdtar: Fix error handling around strtol() usages
passphrase: Improve newline handling on Windows
passphrase: Never allow empty passwords
rar: Fix "File CRC Error" when extracting specific rar4 archives
xar: Avoid infinite link loop
zip: Update AppleDouble support for directories
zstd: Implement core detection
|
2024-04-15 15:37:24 by David H. Gutteridge | Files touched by this commit (1) |
Log message:
libarchive: fix builds where __RCSID isn't defined by the OS
The 3.7.3 release removed all __FBSDID and __RCSID strings and support
for them. Evidently there was a merge botch with archive_pack_dev.c
where __RCSID was retained there in our copy, which breaks builds on
most OSes. Addresses PR pkg/58152 from Hiroshi Hakoyama.
|
2024-04-12 17:39:58 by Adam Ciarcinski | Files touched by this commit (682) | |
Log message:
libarchive: updated to 3.7.3
Libarchive 3.7.3 is a feature, security and bugfix release.
New features:
PCRE2 support
add trailing letter b to bsdtar(1) substitute pattern
add support for long options "--group" and "--owner" to tar(1)
Security fixes:
Fix possible vulnerability in tar error reporting introduced in f27c173
Important bugfixes:
ISO9660: preserve the natural order of links
rar5: fix decoding unicode filenames on Windows
rar5: fix infinite loop if during rar5 decompression the last block produced no data
xz filter: fix incorrect eof at the end of an lzip member
zip: fix end-of-data marker processing when decompressing zip archives
multiple bsdunzip(1) fixes
filetime truncation fix on Windows
|
2024-04-12 17:28:59 by Adam Ciarcinski | Files touched by this commit (10) | |
Log message:
libarchive: import version 3.7.3
|
2024-03-31 15:35:09 by Jonathan Schleifer | Files touched by this commit (1) |
Log message:
archivers/libarchive: Revert fix for QNX
bsdzip isn't being built anymore.
|