| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Important bugfixes between 3.8.6 and 3.8.7:
#2871 libarchive: fix handling of option failures
#2897 iso9660: fix undefined behavior
#2898 RAR: fix LZSS window size mismatch after PPMd block
#2900 CAB: fix NULL pointer dereference during skip
#2911 libarchive: do not continue with truncated numbers
#2919 CAB: Fix Heap OOB Write in CAB LZX decoder
#2934 iso9660: fix posibble heap buffer overflow on 32-bit systems
#2939 cpio: Fix -R memory leak
#2947 libarchive: lzop and grzip filter support
Important bugfixes between 3.8.5 and 3.8.6:
#2860 bsdunzip: fix ISO week year and Gregorian year confusion
#2864 7zip: ix SEGV in check_7zip_header_in_sfx via ELF offset validation
#2875 7zip: fix out-of-bounds access on ELF 64-bit header
#2877 RAR5 reader: fix infinite loop in rar5 decompression
#2878 mtree reader: Fix file descriptor leak in mtree parser cleanup
(CWE-775)
#2892 RAR5 reader: fix potential memory leak
#2893 RAR5: fix SIGSEGV when archive_read_support_format_rar5 is called
twice
#2895 CAB reader: fix memory leak on repeated calls to
archive_read_support_format_cab
Obtained from: libarchive
Vendor commit: ded82291ab41d5e355831b96b0e1ff49e24d8939
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Security fixes:
#2364 tar: don't crash on truncated tar archives
#2366 gzip: prevent a hang when processing a malformed gzip inside a gzip
#2377 tar: fix two leaks in tar header parsing
Important bugfixes:
#2096 rar5: report encrypted entries
#2252 7-zip: read/write symlink paths as UTF-8
#2360 tar: fix truncation of entry pathnames in specific archives
Obtained from: libarchive
Vendor commit: b439d586f53911c84be5e380445a8a259e19114c
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Security fixes:
#2158 rpm: calculate huge header sizes correctly
#2160 util: fix out of boundary access in mktemp functions
#2168 uu: stop processing if lines are too long
#2174 lzop: prevent integer overflow
#2172 rar4: protect copy_from_lzss_window_to_unp() (CVE-2024-20696)
#2175 unzip: unify EOF handling
#2179 rar4: fix out of boundary access with large files
#2203 rar4: fix OOB access with unicode filenames
#2210 rar4: add boundary checks to rgb filter
#2248 rar4: fix OOB in delta filter
#2249 rar4: fix OOB in audio filter
#2256 fix multiple vulnerabilities identified by SAST
#2258 cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing
#2265 rar5: clear 'data ready' cache on window buffer reallocs
#2269 rar4: fix CVE-2024-26256 (CVE-2024-26256)
Important bugfixes:
#2150 xar: fix another infinite loop and expat error handling
#2173 shar: check strdup return value
#2161 lha: fix integer truncation on 32-bit systems
#2245 7zip: fix issue when skipping first file in 7zip archive that
is a multiple of 65536 bytes
#2259 rar5: don't try to read rediculously long names
#2290 ar: fix archive entries having no type
Obtained from: libarchive
Vendor commit: 12ecf8418ab3595d66cdea1abadcea8b6a9d288b
CVE: CVE-2024-20696, CVE-2024-26256
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New features:
#1941 uudecode filter: support file name and file mode in raw mode
#1943 7-zip reader: translate Windows permissions into UNIX
permissions
#1962 zstd filter now supports the "long" write option
#2012 add trailing letter b to bsdtar(1) substitute pattern
#2031 PCRE2 support
#2054 add support for long options "--group" and "--owner" to tar(1)
Security fixes:
#2101 Fix possible vulnerability in tar error reporting introduced
in f27c173
Important bugfixes:
#1974 ISO9660: preserve the natural order of links
#2105 rar5: fix infinite loop if during rar5 decompression the last
block produced no data
#2027 xz filter: fix incorrect eof at the end of an lzip member
#2043 zip: fix end-of-data marker processing when decompressing zip
archives
Obtained from: libarchive
Libarchive commit: 4fcc02d906cca4b9e21a78a833f1142a2689ec52
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Libarchive 3.6.0
New features:
PR #1614: tar: new option "--no-read-sparse"
PR #1503: RAR reader: filter support
PR #1585: RAR5 reader: self-extracting archive support
New features (not used in FreeBSD base):
PR #1567: tar: threads support for zstd (#1567)
PR #1518: ZIP reader: zstd decompression support
Security Fixes:
PR #1491, #1492, #1493, CVE-2021-36976:
fix invalid memory access and out of bounds read in RAR5 reader
PR #1566, #1618, CVE-2021-31566:
extended fix for following symlinks when processing the fixup list
Other notable bugfixes and improvements:
PR #1620: tar: respect "--ignore-zeros" in c, r and u modes
PR #1625: reduced size of application binaries
Obtained from: libarchive
Libarchive commit: 9147def1da7ad1bdd47b3559eb1bfeeb0e0f374b
Libarchive tag: v3.6.0
|
|
|
Libarchive 3.5.2
New features:
PR #1502: Support for PWB and v7 binary cpio formats
PR #1509: Support of deflate algorithm in symbolic link decompression
for ZIP archives
Important bugfixes:
IS #1044: fix extraction of hardlinks to symlinks
PR #1480: Fix truncation of size values during 7zip archive
extraction on 32bit architectures
PR #1504: fix rar header skiming
PR #1514: ZIP excessive disk read - fix location of central directory
PR #1520: fix double-free in CAB reader
PR #1521: Fixed leak of rar before ending with error
PR #1530: Handle short writes from archive_write_callback
PR #1532: 7zip: Use compression settings from file also for file header
IS #1566: do not follow symlinks when processing the fixup list
Obtained from: libarchive
Libarchive commit: 1b2c437b99b361c7692538fa373e99955e9b93ae
Libarchive tag: v3.5.2
|
