<feed xmlns='http://www.w3.org/2005/Atom'>
<title>src/libarchive/archive_write_set_format_cpio_binary.c, branch vendor/libarchive</title>
<subtitle>FreeBSD source tree</subtitle>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/'/>
<entry>
<title>Update vendor/libarchive to 3.8.7</title>
<updated>2026-04-13T13:29:20+00:00</updated>
<author>
<name>Martin Matuska</name>
<email>mm@FreeBSD.org</email>
</author>
<published>2026-04-13T13:22:49+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=f2cd95a372000681bafe284df6ba857d5c2541c2'/>
<id>f2cd95a372000681bafe284df6ba857d5c2541c2</id>
<content type='text'>
Important bugfixes between 3.8.6 and 3.8.7:
 #2871 libarchive: fix handling of option failures
 #2897 iso9660: fix undefined behavior
 #2898 RAR: fix LZSS window size mismatch after PPMd block
 #2900 CAB: fix NULL pointer dereference during skip
 #2911 libarchive: do not continue with truncated numbers
 #2919 CAB: Fix Heap OOB Write in CAB LZX decoder
 #2934 iso9660: fix posibble heap buffer overflow on 32-bit systems
 #2939 cpio: Fix -R memory leak
 #2947 libarchive: lzop and grzip filter support

Important bugfixes between 3.8.5 and 3.8.6:
 #2860 bsdunzip: fix ISO week year and Gregorian year confusion
 #2864 7zip: ix SEGV in check_7zip_header_in_sfx via ELF offset validation
 #2875 7zip: fix out-of-bounds access on ELF 64-bit header
 #2877 RAR5 reader: fix infinite loop in rar5 decompression
 #2878 mtree reader: Fix file descriptor leak in mtree parser cleanup
       (CWE-775)
 #2892 RAR5 reader: fix potential memory leak
 #2893 RAR5: fix SIGSEGV when archive_read_support_format_rar5 is called
       twice
 #2895 CAB reader: fix memory leak on repeated calls to
       archive_read_support_format_cab

Obtained from:	libarchive
Vendor commit:	ded82291ab41d5e355831b96b0e1ff49e24d8939
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Important bugfixes between 3.8.6 and 3.8.7:
 #2871 libarchive: fix handling of option failures
 #2897 iso9660: fix undefined behavior
 #2898 RAR: fix LZSS window size mismatch after PPMd block
 #2900 CAB: fix NULL pointer dereference during skip
 #2911 libarchive: do not continue with truncated numbers
 #2919 CAB: Fix Heap OOB Write in CAB LZX decoder
 #2934 iso9660: fix posibble heap buffer overflow on 32-bit systems
 #2939 cpio: Fix -R memory leak
 #2947 libarchive: lzop and grzip filter support

Important bugfixes between 3.8.5 and 3.8.6:
 #2860 bsdunzip: fix ISO week year and Gregorian year confusion
 #2864 7zip: ix SEGV in check_7zip_header_in_sfx via ELF offset validation
 #2875 7zip: fix out-of-bounds access on ELF 64-bit header
 #2877 RAR5 reader: fix infinite loop in rar5 decompression
 #2878 mtree reader: Fix file descriptor leak in mtree parser cleanup
       (CWE-775)
 #2892 RAR5 reader: fix potential memory leak
 #2893 RAR5: fix SIGSEGV when archive_read_support_format_rar5 is called
       twice
 #2895 CAB reader: fix memory leak on repeated calls to
       archive_read_support_format_cab

Obtained from:	libarchive
Vendor commit:	ded82291ab41d5e355831b96b0e1ff49e24d8939
</pre>
</div>
</content>
</entry>
<entry>
<title>Update vendor/libarchive to 3.7.7</title>
<updated>2024-10-13T08:34:52+00:00</updated>
<author>
<name>Martin Matuska</name>
<email>mm@FreeBSD.org</email>
</author>
<published>2024-10-13T08:34:11+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=eff4ff4791c83686dfc7251c9ab3fe8ab9e60f0e'/>
<id>eff4ff4791c83686dfc7251c9ab3fe8ab9e60f0e</id>
<content type='text'>
Security fixes:
 #2364 tar: don't crash on truncated tar archives
 #2366 gzip: prevent a hang when processing a malformed gzip inside a gzip
 #2377 tar: fix two leaks in tar header parsing

Important bugfixes:
 #2096 rar5: report encrypted entries
 #2252 7-zip: read/write symlink paths as UTF-8
 #2360 tar: fix truncation of entry pathnames in specific archives

Obtained from:	libarchive
Vendor commit:	b439d586f53911c84be5e380445a8a259e19114c
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Security fixes:
 #2364 tar: don't crash on truncated tar archives
 #2366 gzip: prevent a hang when processing a malformed gzip inside a gzip
 #2377 tar: fix two leaks in tar header parsing

Important bugfixes:
 #2096 rar5: report encrypted entries
 #2252 7-zip: read/write symlink paths as UTF-8
 #2360 tar: fix truncation of entry pathnames in specific archives

Obtained from:	libarchive
Vendor commit:	b439d586f53911c84be5e380445a8a259e19114c
</pre>
</div>
</content>
</entry>
<entry>
<title>Update vendor/libarchive to 3.7.5</title>
<updated>2024-09-14T09:48:57+00:00</updated>
<author>
<name>Martin Matuska</name>
<email>mm@FreeBSD.org</email>
</author>
<published>2024-09-14T09:40:31+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=2022efa03048f4b6b5cef39bdd900d61dd484734'/>
<id>2022efa03048f4b6b5cef39bdd900d61dd484734</id>
<content type='text'>
Security fixes:
 #2158 rpm: calculate huge header sizes correctly
 #2160 util: fix out of boundary access in mktemp functions
 #2168 uu: stop processing if lines are too long
 #2174 lzop: prevent integer overflow
 #2172 rar4: protect copy_from_lzss_window_to_unp() (CVE-2024-20696)
 #2175 unzip: unify EOF handling
 #2179 rar4: fix out of boundary access with large files
 #2203 rar4: fix OOB access with unicode filenames
 #2210 rar4: add boundary checks to rgb filter
 #2248 rar4: fix OOB in delta filter
 #2249 rar4: fix OOB in audio filter
 #2256 fix multiple vulnerabilities identified by SAST
 #2258 cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing
 #2265 rar5: clear 'data ready' cache on window buffer reallocs
 #2269 rar4: fix CVE-2024-26256 (CVE-2024-26256)

Important bugfixes:
 #2150 xar: fix another infinite loop and expat error handling
 #2173 shar: check strdup return value
 #2161 lha: fix integer truncation on 32-bit systems
 #2245 7zip: fix issue when skipping first file in 7zip archive that
       is a multiple of 65536 bytes
 #2259 rar5: don't try to read rediculously long names
 #2290 ar: fix archive entries having no type

Obtained from:	libarchive
Vendor commit: 	12ecf8418ab3595d66cdea1abadcea8b6a9d288b
CVE:		CVE-2024-20696, CVE-2024-26256
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Security fixes:
 #2158 rpm: calculate huge header sizes correctly
 #2160 util: fix out of boundary access in mktemp functions
 #2168 uu: stop processing if lines are too long
 #2174 lzop: prevent integer overflow
 #2172 rar4: protect copy_from_lzss_window_to_unp() (CVE-2024-20696)
 #2175 unzip: unify EOF handling
 #2179 rar4: fix out of boundary access with large files
 #2203 rar4: fix OOB access with unicode filenames
 #2210 rar4: add boundary checks to rgb filter
 #2248 rar4: fix OOB in delta filter
 #2249 rar4: fix OOB in audio filter
 #2256 fix multiple vulnerabilities identified by SAST
 #2258 cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing
 #2265 rar5: clear 'data ready' cache on window buffer reallocs
 #2269 rar4: fix CVE-2024-26256 (CVE-2024-26256)

Important bugfixes:
 #2150 xar: fix another infinite loop and expat error handling
 #2173 shar: check strdup return value
 #2161 lha: fix integer truncation on 32-bit systems
 #2245 7zip: fix issue when skipping first file in 7zip archive that
       is a multiple of 65536 bytes
 #2259 rar5: don't try to read rediculously long names
 #2290 ar: fix archive entries having no type

Obtained from:	libarchive
Vendor commit: 	12ecf8418ab3595d66cdea1abadcea8b6a9d288b
CVE:		CVE-2024-20696, CVE-2024-26256
</pre>
</div>
</content>
</entry>
<entry>
<title>Update vendor/libarchive to 3.7.3</title>
<updated>2024-04-11T13:48:20+00:00</updated>
<author>
<name>Martin Matuska</name>
<email>mm@FreeBSD.org</email>
</author>
<published>2024-04-11T13:37:34+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=a509d68f27b9f114b876bbe3b9caa9d0ee0c5606'/>
<id>a509d68f27b9f114b876bbe3b9caa9d0ee0c5606</id>
<content type='text'>
New features:
  #1941 uudecode filter: support file name and file mode in raw mode
  #1943 7-zip reader: translate Windows permissions into UNIX
        permissions
  #1962 zstd filter now supports the "long" write option
  #2012 add trailing letter b to bsdtar(1) substitute pattern
  #2031 PCRE2 support
  #2054 add support for long options "--group" and "--owner" to tar(1)

Security fixes:
  #2101 Fix possible vulnerability in tar error reporting introduced
        in f27c173

Important bugfixes:
  #1974 ISO9660: preserve the natural order of links
  #2105 rar5: fix infinite loop if during rar5 decompression the last
        block produced no data
  #2027 xz filter: fix incorrect eof at the end of an lzip member
  #2043 zip: fix end-of-data marker processing when decompressing zip
        archives

Obtained from:		libarchive
Libarchive commit:	4fcc02d906cca4b9e21a78a833f1142a2689ec52
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
New features:
  #1941 uudecode filter: support file name and file mode in raw mode
  #1943 7-zip reader: translate Windows permissions into UNIX
        permissions
  #1962 zstd filter now supports the "long" write option
  #2012 add trailing letter b to bsdtar(1) substitute pattern
  #2031 PCRE2 support
  #2054 add support for long options "--group" and "--owner" to tar(1)

Security fixes:
  #2101 Fix possible vulnerability in tar error reporting introduced
        in f27c173

Important bugfixes:
  #1974 ISO9660: preserve the natural order of links
  #2105 rar5: fix infinite loop if during rar5 decompression the last
        block produced no data
  #2027 xz filter: fix incorrect eof at the end of an lzip member
  #2043 zip: fix end-of-data marker processing when decompressing zip
        archives

Obtained from:		libarchive
Libarchive commit:	4fcc02d906cca4b9e21a78a833f1142a2689ec52
</pre>
</div>
</content>
</entry>
<entry>
<title>Update vendor/libarchive libarchive/libarchive@9147def1d</title>
<updated>2022-02-09T13:20:23+00:00</updated>
<author>
<name>Martin Matuska</name>
<email>mm@FreeBSD.org</email>
</author>
<published>2022-02-09T13:11:38+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=84631082f67b1c1eeac6b68f11e5290354c431f8'/>
<id>84631082f67b1c1eeac6b68f11e5290354c431f8</id>
<content type='text'>
Libarchive 3.6.0

New features:
  PR #1614: tar: new option "--no-read-sparse"
  PR #1503: RAR reader: filter support
  PR #1585: RAR5 reader: self-extracting archive support

New features (not used in FreeBSD base):
  PR #1567: tar: threads support for zstd (#1567)
  PR #1518: ZIP reader: zstd decompression support

Security Fixes:
  PR #1491, #1492, #1493, CVE-2021-36976:
    fix invalid memory access and out of bounds read in RAR5 reader
  PR #1566, #1618, CVE-2021-31566:
    extended fix for following symlinks when processing the fixup list

Other notable bugfixes and improvements:
  PR #1620: tar: respect "--ignore-zeros" in c, r and u modes
  PR #1625: reduced size of application binaries

Obtained from:		libarchive
Libarchive commit:	9147def1da7ad1bdd47b3559eb1bfeeb0e0f374b
Libarchive tag:		v3.6.0
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Libarchive 3.6.0

New features:
  PR #1614: tar: new option "--no-read-sparse"
  PR #1503: RAR reader: filter support
  PR #1585: RAR5 reader: self-extracting archive support

New features (not used in FreeBSD base):
  PR #1567: tar: threads support for zstd (#1567)
  PR #1518: ZIP reader: zstd decompression support

Security Fixes:
  PR #1491, #1492, #1493, CVE-2021-36976:
    fix invalid memory access and out of bounds read in RAR5 reader
  PR #1566, #1618, CVE-2021-31566:
    extended fix for following symlinks when processing the fixup list

Other notable bugfixes and improvements:
  PR #1620: tar: respect "--ignore-zeros" in c, r and u modes
  PR #1625: reduced size of application binaries

Obtained from:		libarchive
Libarchive commit:	9147def1da7ad1bdd47b3559eb1bfeeb0e0f374b
Libarchive tag:		v3.6.0
</pre>
</div>
</content>
</entry>
<entry>
<title>Update vendor/libarchive/dist to libarchive/libarchive@1b2c437b9</title>
<updated>2021-08-23T00:24:04+00:00</updated>
<author>
<name>Martin Matuska</name>
<email>mm@FreeBSD.org</email>
</author>
<published>2021-08-23T00:24:04+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=9aa5476184726da9d9159568c9b15e29451b5778'/>
<id>9aa5476184726da9d9159568c9b15e29451b5778</id>
<content type='text'>
Libarchive 3.5.2

New features:
  PR #1502: Support for PWB and v7 binary cpio formats
  PR #1509: Support of deflate algorithm in symbolic link decompression
            for ZIP archives

Important bugfixes:
  IS #1044: fix extraction of hardlinks to symlinks
  PR #1480: Fix truncation of size values during 7zip archive
            extraction on 32bit architectures
  PR #1504: fix rar header skiming
  PR #1514: ZIP excessive disk read - fix location of central directory
  PR #1520: fix double-free in CAB reader
  PR #1521: Fixed leak of rar before ending with error
  PR #1530: Handle short writes from archive_write_callback
  PR #1532: 7zip: Use compression settings from file also for file header
  IS #1566: do not follow symlinks when processing the fixup list

Obtained from:		libarchive
Libarchive commit:	1b2c437b99b361c7692538fa373e99955e9b93ae
Libarchive tag:		v3.5.2
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Libarchive 3.5.2

New features:
  PR #1502: Support for PWB and v7 binary cpio formats
  PR #1509: Support of deflate algorithm in symbolic link decompression
            for ZIP archives

Important bugfixes:
  IS #1044: fix extraction of hardlinks to symlinks
  PR #1480: Fix truncation of size values during 7zip archive
            extraction on 32bit architectures
  PR #1504: fix rar header skiming
  PR #1514: ZIP excessive disk read - fix location of central directory
  PR #1520: fix double-free in CAB reader
  PR #1521: Fixed leak of rar before ending with error
  PR #1530: Handle short writes from archive_write_callback
  PR #1532: 7zip: Use compression settings from file also for file header
  IS #1566: do not follow symlinks when processing the fixup list

Obtained from:		libarchive
Libarchive commit:	1b2c437b99b361c7692538fa373e99955e9b93ae
Libarchive tag:		v3.5.2
</pre>
</div>
</content>
</entry>
</feed>
