<feed xmlns='http://www.w3.org/2005/Atom'>
<title>src/lib/libarchive/tests, branch release/11.1.0</title>
<subtitle>FreeBSD source tree</subtitle>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/'/>
<entry>
<title>MFC r317782,318181:</title>
<updated>2017-05-18T19:47:43+00:00</updated>
<author>
<name>Martin Matuska</name>
<email>mm@FreeBSD.org</email>
</author>
<published>2017-05-18T19:47:43+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=ec8cdbff4c3aed126be04a54d5fff74360b3c4c1'/>
<id>ec8cdbff4c3aed126be04a54d5fff74360b3c4c1</id>
<content type='text'>
MFC r317782 (mm):
  Sync libarchive with vendor

  Vendor changes (FreeBSD-related):
    PR 897: add test for ZIP archives with invalid EOCD headers
    PR 901: fix invalid renaming of sparse files
    OSS-Fuzz issue 497: remove fallback tree in LZX decoder
    OSS-Fuzz issue 527: rewrite expressions in lz4 filter
    OSS-Fuzz issue 577: fix integer overflow in cpio reader
    OSS-Fuzz issue 862: fix numeric parsing in mtree reader
    OSS-Fuzz issue 1097: fix undefined shift in rar reader
    cpio: various optimizations and memory leak fixes

MFC r318181 (ngie) (2):
  cpio/tests/test_option_lz4: fix a use after free in the failure case

Reported by:	Coverity (2)
Sponsored by:	Dell EMC Isilon (2)
</content>
</entry>
<entry>
<title>MFC r315636,315876,316095:</title>
<updated>2017-03-31T20:16:24+00:00</updated>
<author>
<name>Martin Matuska</name>
<email>mm@FreeBSD.org</email>
</author>
<published>2017-03-31T20:16:24+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=0b380a40de08c76dd210118ecea6ee62b7d3b54f'/>
<id>0b380a40de08c76dd210118ecea6ee62b7d3b54f</id>
<content type='text'>
Sync libarchive with vendor

Vendor changes/bugfixes (FreeBSD-related):
r315636:
  PR 867 (bsdcpio): show numeric uid/gid when names are not found
  PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers
  PR 880 (pax): Fix handling of "size" pax header keyword
  PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream
  OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser
  Break ACL read/write code into platform-specific source files

r315876:
  Store extended attributes with extattr_set_link() if no fd is provided
  Add extended attribute tests to libarchive and bsdtar
  Fix tar's test_option_acls
  Support the UF_HIDDEN file flag

r316095:
  Constify variables in several places
  Unify platform ACL code in a single source file
  Fix unused variable if compiling on FreeBSD without NFSv4 ACL support
</content>
</entry>
<entry>
<title>MFC r314571:</title>
<updated>2017-03-16T23:07:35+00:00</updated>
<author>
<name>Martin Matuska</name>
<email>mm@FreeBSD.org</email>
</author>
<published>2017-03-16T23:07:35+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=e38bc8a294743a61b1407b85ebf4c7445655bfe5'/>
<id>e38bc8a294743a61b1407b85ebf4c7445655bfe5</id>
<content type='text'>
Update libarchive to version 3.3.1 (and sync with latest vendor dist)

Notable vendor changes:
  PR #501: improvements in ACL path handling
  PR #724: fix hang when reading malformed cpio files
  PR #864: fix out of bounds read with malformed GNU tar archives
  Documentation, style, test suite improvements and typo fixes.

New options to bsdtar that enable or disable reading and/or writing of:
  Access Control Lists (--acls, --no-acls)
  Extended file flags (--fflags, --no-fflags)
  Extended attributes (--xattrs, --no-xattrs)
  Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata)
</content>
</entry>
<entry>
<title>MFC r310866,310868,310870,311903,313074:</title>
<updated>2017-02-11T00:54:16+00:00</updated>
<author>
<name>Martin Matuska</name>
<email>mm@FreeBSD.org</email>
</author>
<published>2017-02-11T00:54:16+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=fde2e5b9851361f61a558996c9f4a6cea167c7df'/>
<id>fde2e5b9851361f61a558996c9f4a6cea167c7df</id>
<content type='text'>
Sync libarchive with vendor.

MFC r310866:
  PR #771: Add NFSv4 ACL support to pax and restricted pax

  NFSv4 ACL information may now be stored to and restored from tar archives.
  ACL must be non-trivial and supported by the underlying filesystem, e.g.
  natively by ZFS or by UFS with the NFSv4 ACL enable flag set.

MFC r310868:
  PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c
  PR #851: Spelling fixes
  Fix two prototypes in manual page archive_read_disk.3

MFC r310870:
  Use __LA_DEPRECATED macro with functions deprecated in 379867e

MFC r311903:
  #691: Support for SCHILY.xattr extended attributes
  #854: Spelling fixes

  Multiple fixes in ACL code:
  - prefer acl_set_fd_np() to acl_set_fd()
  - if acl_set_fd_np() fails, do not fall back to acl_set_file()
  - do not warn if trying to write ACLs to a filesystem without ACL support
  - fix id handling in archive_acl_(from_to)_text*() for NFSv4 ACLs

MFC r313074:
  - support extracting NFSv4 ACLs from Solaris tar archives
  - bugfixes and optimizations in the ACL code
  - multiple fixes in the test suite
  - typo and other small bugfixes

  Security fixes:
  - cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335)
  - LHA reader: heap-buffer-overflow in lha_read_file_header_1()
    (CVE-2017-5601)
  - LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream()
    (OSS-Fuzz 453)
  - mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443)
  - WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458)

  Memory leak fixes:
  - ACL support: free memory allocated by acl_get_qualifier()
  - disk writer: missing free in create_filesystem_object()
  - file reader: fd leak (Coverity 1016755)
  - gnutar writer: fix free in archive_write_gnutar_header()
    (Coverity 101675)
  - iso 9660 reader: missing free in parse_file_info()
    (partial Coverity 1016754)
  - program reader: missing free in __archive_read_program()
  - program writer: missing free in __archive_write_program_free()
  - xar reader: missing free in xar_cleanup()
  - xar reader: missing frees in expat_xmlattr_setup()
    (Coverity 1229979-1229981)
  - xar writer: missing free in file_free()
  - zip reader: missing free in zip_read_local_file_header()

List of all libarchive issues at OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/list?can=1&amp;q=libarchive

Security:	CVE-2017-5601
</content>
</entry>
<entry>
<title>MFC r309300,r309363,r309405,r309523,r309590,r310185,r310623:</title>
<updated>2017-01-02T01:41:31+00:00</updated>
<author>
<name>Martin Matuska</name>
<email>mm@FreeBSD.org</email>
</author>
<published>2017-01-02T01:41:31+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=d2933226e7134849f3060dbb390cab7e13f3a363'/>
<id>d2933226e7134849f3060dbb390cab7e13f3a363</id>
<content type='text'>
Sync libarchive with vendor.

Fixed vendor issues (relevant to FreeBSD)
#825, #832: Add sanity check of tar "uid", "gid" and "mtime" fields
#830, #831, #833, #846: Spelling fixes
#850: Fix issues with reading certain jar files

Fixed issues found by Google OSS-Fuzz:
OSS-Fuzz #15: Fix heap-buffer-overflow in archive_le16dec()
OSS-Fuzz #16: Fix possible hang in uudecode_filter_read()
OSS-Fuzz #139, #145, #152: Fix heap-buffer-overflow in uudecode_bidder_bid()
OSS-Fuzz #220: Reject an 'ar' filename table larger than 1GB or a filename
               larger than 1MB
OSS-Fuzz #227, #230, #239: Fix possible memory leak in archive_read_free()
OSS-Fuzz #237: Fix heap buffer overflow when reading invalid ar archives
OSS-Fuzz #286: Bugfix in archive_strncat_l()

More information:
https://github.com/libarchive/libarchive/issues/[libarchive_issue_number]
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=[oss_fuzz_issue_number]
</content>
</entry>
<entry>
<title>MFC r310996:</title>
<updated>2017-01-01T04:45:06+00:00</updated>
<author>
<name>Enji Cooper</name>
<email>ngie@FreeBSD.org</email>
</author>
<published>2017-01-01T04:45:06+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=22fafa67d98042cf658f2a0d941238c23412624c'/>
<id>22fafa67d98042cf658f2a0d941238c23412624c</id>
<content type='text'>
Look for list.h in ${.CURDIR} to unbreak the build with a ports-based copy
of llvm38 on ^/stable/11 (oh, the bugs you find when you set CC,CXX,CPP
manually and it skips the bootstrap stage for the toolchain...)
</content>
</entry>
<entry>
<title>MFC r306670:</title>
<updated>2016-10-12T10:28:22+00:00</updated>
<author>
<name>Martin Matuska</name>
<email>mm@FreeBSD.org</email>
</author>
<published>2016-10-12T10:28:22+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=59bfeab7285a80ea2b6f533a0bd2b9bc37954f53'/>
<id>59bfeab7285a80ea2b6f533a0bd2b9bc37954f53</id>
<content type='text'>
Sync libarchive with vendor including security fixes.

Important vendor bugfixes (relevant to FreeBSD):
#747: Out of bounds read in mtree parser
#761: heap-based buffer overflow in read_Header (7-zip)
#794: Invalid file on bsdtar command line results in internal errors (1)

PR:	213092 (1)
</content>
</entry>
<entry>
<title>MFC r305819:</title>
<updated>2016-09-25T22:02:27+00:00</updated>
<author>
<name>Martin Matuska</name>
<email>mm@FreeBSD.org</email>
</author>
<published>2016-09-25T22:02:27+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=2a6370e2e8ddc5a928c1201c7b21fa3265801bee'/>
<id>2a6370e2e8ddc5a928c1201c7b21fa3265801bee</id>
<content type='text'>
Sync libarchive with vendor including important security fixes.

Issues fixed (FreeBSD):
PR #778: ACL error handling
Issue #745: Symlink check prefix optimization is too aggressive
Issue #746: Hard links with data can evade sandboxing restrictions

This update fixes the vulnerability #3 and vulnerability #4 as reported in
"non-cryptanalytic attacks against FreeBSD update components".
https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f

Fix for vulnerability #2 has already been merged in r305188.

Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
</content>
</entry>
<entry>
<title>MFC r304075,r304989:</title>
<updated>2016-09-01T07:53:59+00:00</updated>
<author>
<name>Martin Matuska</name>
<email>mm@FreeBSD.org</email>
</author>
<published>2016-09-01T07:53:59+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=304ac1c7e07c35ea844f3b657132e5e4b2e61f0c'/>
<id>304ac1c7e07c35ea844f3b657132e5e4b2e61f0c</id>
<content type='text'>
Sync libarchive with vendor including security fixes

Vendor issues fixed:
Issue #731: Reject tar entries &gt;= INT64_MAX
Issue #744: Very long pathnames evade symlink checks
Issue #748: libarchive can compress, but cannot decompress zip some files
PR #750: ustar: fix out of bounds read on empty string ("") filename
PR #755: fix use of acl_get_flagset_np() on FreeBSD
Issue #767: Buffer overflow printing a filename
Issue #770: Zip read: be more careful about extra_length

MFC r304874:
Temporarily disable two libarchive tests that have not yet been fixed by
vendor. Tests will be re-enabled after a fix has been merged.
</content>
</entry>
<entry>
<title>MFV r302003,r302037,r302038,r302056:</title>
<updated>2016-06-22T07:49:59+00:00</updated>
<author>
<name>Martin Matuska</name>
<email>mm@FreeBSD.org</email>
</author>
<published>2016-06-22T07:49:59+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=f061a2215f9bf0bea98ac601a34750f89428db67'/>
<id>f061a2215f9bf0bea98ac601a34750f89428db67</id>
<content type='text'>
Update libarchive to 3.2.1 (bugfix and security fix release)

List of vendor fixes:
- fix exploitable heap overflow vulnerability in Rar decompression
  (vendor issue 719, CVE-2016-4302, TALOS-2016-0154)
- fix exploitable stack based buffer overflow vulnerability in mtree
  parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153)
- fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo
  (vendor issue 718, CVE-2016-4300, TALOS-2016-152)
- fix integer overflow when computing location of volume descriptor
  (vendor issue 717)
- fix buffer overflow when reading a crafted rar archive (vendor issue 521)
- fix possible buffer overflow when reading ISO9660 archives on machines
  where sizeof(int) &lt; sizeof(size_t) (vendor issue 711)
- tar and cpio should fail if an input file named on the command line is
  missing (vendor issue 708)
- fix incorrect writing of gnutar filenames that are exactly 512 bytes
  long (vendor issue 682)
- allow tests to be run from paths that are equal or longer than 128
  characters (vendor issue 657)
- add memory allocation errors in archive_entry_xattr.c (vendor PR 603)
- remove dead code in archive_entry_xattr_add_entry() (vendor PR 716)
- fix broken decryption of ZIP files (vendor issue 553)
- manpage style, typo and description fixes

Post-3.2.1 vendor fixes:
- fix typo in cpio version reporting (Vendor PR 725, 726)
- fix argument range of ctype functions in libarchive_fe/passphrase.c
- fix ctype use and avoid empty loop bodies in WARC reader

MFC after:	1 week
Security:	CVE-2016-4300, CVE-2016-4301, CVE-2016-4302
Approved by:	re (kib)
</content>
</entry>
</feed>
