| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update vendor/libarchive to 3.8.2
Important bugfixes:
#2477 tar writer: fix replacing a regular file with a dir for
ARCHIVE_EXTRACT_SAFE_WRITES
#2659 lib: improve filter process handling
#2664 zip writer: fix a memory leak if write callback error early
#2665 lib: archive_read_data: handle sparse holes at end of file correctly
#2668 7zip: Fix out of boundary access
#2670 zip writer: fix writing with ZSTD compression
#2672 lib: fix error checking in writing files
#2678 zstd write filter: enable Zstandard's checksum feature
#2679 lib: handle possible errors from system calls
#2707 lib: avoid leaking file descriptors into subprocesses
#2713 RAR5 reader: fix multiple issues in extra field parsing function
#2716 RAR5 reader: early fail when file declares data for a dir entry
#2717 bsdtar: Allow filename to have CRLF endings
#2719 tar reader: fix checking the result of the strftime (CVE-2025-25724)
#2737 tar reader: fix an infinite loop when parsing V headers
#2742 lib: parse_date: handle dates in 2038 and beyond if time_t is big
enough
Obtained from: libarchive
Vendor commit: 7f53fce04e4e672230f4eb80b219af17975e4f83
Security: CVE-2025-25724
PR: 290303 (exp-run)
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Libarchive 3.7.7
Security fixes:
#2158 rpm: calculate huge header sizes correctly
#2160 util: fix out of boundary access in mktemp functions
#2168 uu: stop processing if lines are too long
#2174 lzop: prevent integer overflow
#2172 rar4: protect copy_from_lzss_window_to_unp() (CVE-2024-20696)
#2175 unzip: unify EOF handling
#2179 rar4: fix out of boundary access with large files
#2203 rar4: fix OOB access with unicode filenames
#2210 rar4: add boundary checks to rgb filter
#2248 rar4: fix OOB in delta filter
#2249 rar4: fix OOB in audio filter
#2256 fix multiple vulnerabilities identified by SAST
#2258 cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing
#2265 rar5: clear 'data ready' cache on window buffer reallocs
#2269 rar4: fix CVE-2024-26256 (CVE-2024-26256)
#2330 iso: be more cautious about parsing ISO-9660 timestamps
#2343 tar: clean up linkpath between entries
#2364 tar: don't crash on truncated tar archives
#2366 gzip: prevent a hang when processing a malformed gzip inside a gzip
#2377 tar: fix two leaks in tar header parsing
Important bugfixes:
#2096 rar5: report encrypted entries
#2150 xar: fix another infinite loop and expat error handling
#2173 shar: check strdup return value
#2161 lha: fix integer truncation on 32-bit systems
#2338 tar: fix memory leaks when processing symlinks or parsing pax headers
#2245 7zip: fix issue when skipping first file in 7zip archive that
is a multiple of 65536 bytes
#2252 7-zip: read/write symlink paths as UTF-8
#2259 rar5: don't try to read rediculously long names
#2290 ar: fix archive entries having no type
#2360 tar: fix truncation of entry pathnames in specific archives
CVE: CVE-2024-20696, CVE-2024-26256
PR: 282047 (exp-run)
MFC after: 1 week
|
|
|
Libarchive 3.7.3
New features:
#1941 uudecode filter: support file name and file mode in raw mode
#1943 7-zip reader: translate Windows permissions into UNIX
permissions
#1962 zstd filter now supports the "long" write option
#2012 add trailing letter b to bsdtar(1) substitute pattern
#2031 PCRE2 support
#2054 add support for long options "--group" and "--owner" to tar(1)
Security fixes:
#2101 Fix possible vulnerability in tar error reporting introduced
in f27c173
Important bugfixes:
#1974 ISO9660: preserve the natural order of links
#2105 rar5: fix infinite loop if during rar5 decompression the last
block produced no data
#2027 xz filter: fix incorrect eof at the end of an lzip member
#2043 zip: fix end-of-data marker processing when decompressing zip
archives
PR: 278315 (exp-run)
MFC after: 1 week
|
