| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
=== bspatch ===
MFS r306213: bspatch Capsicumization, sanity checks, and other improvements
r304691: bspatch: apply style(9)
Make style changes (and trivial refactoring of open calls) now in order
to reduce noise in diffs for future capsicum changes.
r304807 (allanjude): Capsicumize bspatch
Move all of the fopen() and open() calls to the top of main()
Restrict each FD to least privilege (read/seek only, write only, etc)
cap_enter(), and make all except the output FD read/seek only.
r304821: bspatch: remove output file in the case of error
r305486: bspatch: add sanity checks on sizes to avoid integer overflow
Note that this introduces an explicit 2GB limit, but this was already
implicit in variable and function argument types.
This is based on the "non-cryptanalytic attacks against freebsd
update components" anonymous gist. Further refinement is planned.
r305737: bspatch: remove superfluous newlines from errx strings
r305822: bspatch: use #define for header size instead of magic number
r306026: bspatch: Remove backwards-compatibility sys/capability.h support
bspatch previously included sys/capability.h or sys/capsicum.h based
on __FreeBSD_version, as FreeBSD is the upstream for bsdiff and we may
see this file incorporated into other third-party software.
The Capsicum header is now installed as sys/capsicum.h in stable/10 and
FreeBSD 10.3, so we can just use sys/capsicum.h and simplify the logic.
With this change, bspatch is identical between head, stable/11 and releng/11.0.
=== portsnap ===
MFS r305648 (delphij): MFC r305469:
Ensure that we always open only files that is named by explicitly
using shell redirections instead of having gzip(1) to decide what
file to open.
Issue reported in the "non-cryptanalytic attacks against freebsd
update components" anonymous gist.
=== libarchive ===
MFS r305754 (mm): MFC r305422:
Sync libarchive with vendor
Vendor issues fixed:
PR #777: Multiple bugfixes for setup_acls()
This includes a bugfix for a bug that caused ACLs not to be read properly
for files and directories inside subdirectories and as a result not being
stored or being incorrectly stored in tar archives.
MFS r306321 (mm): MFC r305819:
Sync libarchive with vendor including important security fixes.
Issues fixed (FreeBSD):
PR #778: ACL error handling
Issue #745: Symlink check prefix optimization is too aggressive
Issue #746: Hard links with data can evade sandboxing restrictions
This update fixes the vulnerability #3 and vulnerability #4 as reported in
"non-cryptanalytic attacks against FreeBSD update components".
https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
Fix for vulnerability #2 has already been merged.
Approved by: re (gjb), so (glebius)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MFC r304075,r304989:
Sync libarchive with vendor including security fixes
Vendor issues fixed:
Issue #731: Reject tar entries >= INT64_MAX
Issue #744: Very long pathnames evade symlink checks
Issue #748: libarchive can compress, but cannot decompress zip some files
PR #750: ustar: fix out of bounds read on empty string ("") filename
PR #755: fix use of acl_get_flagset_np() on FreeBSD
Issue #767: Buffer overflow printing a filename
Issue #770: Zip read: be more careful about extra_length
MFC r304874:
Temporarily disable two libarchive tests that have not yet been fixed by
vendor. Tests will be re-enabled after a fix has been merged.
Approved by: re (gjb)
|
| |
|
|
|
|
|
|
|
|
|
| |
Sync libarchive with vendor, bugfixes for tests:
- fix tests on filesystems without birthtime support, e.g. UFS1 (1)
- vendor issue #729: avoid use of C99 for-scope declarations in
test_write_format_gnutar_filenames.c
MFC after: 1 week
PR: 204157 (1)
Approved by: re (hrs)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update libarchive to 3.2.1 (bugfix and security fix release)
List of vendor fixes:
- fix exploitable heap overflow vulnerability in Rar decompression
(vendor issue 719, CVE-2016-4302, TALOS-2016-0154)
- fix exploitable stack based buffer overflow vulnebarility in mtree
parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153)
- fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo
(vendor issue 718, CVE-2016-4300, TALOS-2016-152)
- fix integer overflow when computing location of volume descriptor
(vendor issue 717)
- fix buffer overflow when reading a crafred rar archive (vendor issue 521)
- fix possible buffer overflow when reading ISO9660 archives on machines
where sizeof(int) < sizeof(size_t) (vendor issue 711)
- tar and cpio should fail if an input file named on the command line is
missing (vendor issue 708)
- fix incorrect writing of gnutar filenames that are exactly 512 bytes
long (vendor issue 682)
- allow tests to be run from paths that are equal or longer than 128
characters (vendor issue 657)
- add memory allocation errors in archive_entry_xattr.c (vendor PR 603)
- remove dead code in archive_entry_xattr_add_entry() (vendor PR 716)
- fix broken decryption of ZIP files (vendor issue 553)
- manpage style, typo and description fixes
Post-3.2.1 vendor fixes:
- fix typo in cpio version reporting (Vendor PR 725, 726)
- fix argument range of ctype functions in libarchive_fe/passphrase.c
- fix ctype use and avoid empty loop bodies in WARC reader
MFC after: 1 week
Security: CVE-2016-4300, CVE-2016-4301, CVE-2016-4302
Approved by: re (kib)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Revert r299576:
Fix broken cpio behavior.
MFV r299895:
Update to vendor git commit 860ec63.
MFC after: 3 weeks (together with libarchive 3.2.0)
Fix broken cpio behavior in pass-through mode with vendor code.
> Description of fields to fill in above: 76 columns --|
> PR: If and which Problem Report is related.
> Submitted by: If someone else sent in the change.
> Reported by: If someone else reported the issue.
> Reviewed by: If someone else reviewed your modification.
> Approved by: If you needed approval for this commit.
> Obtained from: If the change is from a third party.
> MFC after: N [day[s]|week[s]|month[s]]. Request a reminder email.
> MFH: Ports tree branch name. Request approval for merge.
> Relnotes: Set to 'yes' for mention in release notes.
> Security: Vulnerability reference (one per line) or description.
> Sponsored by: If the change was sponsored by an organization.
> Differential Revision: https://reviews.freebsd.org/D### (*full* phabric URL needed).
> Empty fields above will be automatically removed.
_M libarchive
_M libarchive/cpio
M libarchive/cpio/bsdcpio.1
M libarchive/cpio/cpio.c
_M libarchive/libarchive
M libarchive/libarchive/archive_read_support_format_cpio.c
|
| |
|
|
|
|
| |
Suggested upstream as PR #704.
MFC: 1 month (together with libarchive 3.2.0)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update libarchive to 3.2.0
New features:
- new bsdcat command-line utility
- LZ4 compression (in src only via external utility from ports)
- Warc format support
- 'Raw' format writer
- Zip: Support archives >4GB, entries >4GB
- Zip: Support encrypting and decrypting entries
- Zip: Support experimental streaming extension
- Identify encrypted entries in several formats
- New --clear-nochange-flags option to bsdtar tries to remove noschg and
similar flags before deleting files
- New --ignore-zeros option to bsdtar to handle concatenated tar archives
- Use multi-threaded LZMA decompression if liblzma supports it
- Expose version info for libraries used by libarchive
Patched files (fixed compiler warnings):
contrib/libarchive/cat/bsdcat.c (vendor PR #702)
contrib/libarchive/cat/bsdcat.h (vendor PR #702)
contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701)
contrib/libarchive/libarchive_fe/err.c (vendor PR #703)
MFC after: 1 month
Relnotes: yes
|
| |
|
|
|
|
|
|
|
|
|
| |
Partially apply upstream changeset 6e06b1c8 (kientzle).
Limit filter recursion level to 25 (instead of infinite). This fixes a
potential crash issue discovered by Alexander Cherepanov.
PR: 207362
Reported by: Robert Clausecker
Obtained from: libarchive github project
|
| |
|
|
|
|
|
|
|
|
| |
Apply upstream changeset bf4f6ec64e:
Fix issue 356: properly skip a sparse file entry in a tar file.
PR: 201506
MFC after: 3 days
Relnotes: yes
|
| |
|
|
|
|
| |
Don't segfault when reading malformed cpio archives.
MFC after: 3 days
|
| |
|
|
|
|
|
|
| |
excluding it. This was broken in 3.0.4 (r238856).
Obtained from: https://github.com/libarchive/libarchive/commit/fa9e61
MFC after: 3 days
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
usr.bin/cpio on amd64 (or any arch with 64-bit time_t):
contrib/libarchive/cpio/cpio.c:1143:6: error: absolute value function 'abs' given an argument of type 'long' but has parameter of type 'int' which may cause truncation of value [-Werror,-Wabsolute-value]
if (abs(mtime - now) > (365/2)*86400)
^
contrib/libarchive/cpio/cpio.c:1143:6: note: use function 'labs' instead
if (abs(mtime - now) > (365/2)*86400)
^~~
labs
1 error generated.
This is because time_t is a long on amd64. To avoid the warning, just
copy the equivalent test from a few lines before, which is used in the
Windows case, and which is type safe.
Reviewed by: emaste
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D1198
|
| |
|
|
|
|
|
|
|
| |
regular file name. This fixes the problem, when bsdtar can not create
hardlinks to extracted files.
Silence from: kientzle@
MFC after: 1 week
Sponsored by: Yandex LLC
|
| |
|
|
|
|
|
|
|
| |
extattr_set_{fd,file,link} is logically a write(2)-like operation and
should return ssize_t, just like extattr_get_*. Also, the user-space
utility was using an int for the return value of extattr_get_* and
extattr_list_*, both of which return an ssize_t.
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Limit write requests to at most INT_MAX.
This prevents a certain common programming error (passing -1 to write)
from leading to other problems deeper in the library.
References:
https://github.com/libarchive/libarchive/commit/22531545514043e0
Reported by: Xin Li <delphij@FreeBSD.org>
Obtained from: libarchive (master branch)
|
| |
|
|
|
|
|
|
|
|
|
| |
Update libarchive to 3.1.2
Some of new features:
- support for lrzip and grzip compression
- support for writing tar v7 format
- b64encode and uuencode filters
- support for __MACOSX directory in Zip archives
- support for lzop compresion (external utility)
|
| |
|
|
| |
"2 hours ago".
|
| |
|
|
|
|
|
|
|
|
| |
Support appending to empty archives
References:
https://github.com/libarchive/libarchive/pull/17
Submitted by: myself
Obtained from: libarchive master branch on github
|
| |
|
|
|
|
|
| |
Source:
https://github.com/libarchive/libarchive/commit/f67370d5
Obtained from: libarchive (master branch)
|
| |
|
|
|
|
|
|
|
|
| |
Apply fix from vendor's master branch.
References:
https://github.com/libarchive/libarchive/commit/d8b9dbd
Reported on: freebsd-current@
Obtained from: libarchive
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some of new features:
- New readers: RAR, LHA/LZH, CAB reader, 7-Zip
- New writers: ISO9660, XAR
- Improvements to many formats, especially including ISO9660 and Zip
- Stackable write filters to write, e.g., tar.gz.uu in a single pass
- Exploit seekable input; new "seekable" Zip reader can exploit the Zip
Central Directory when it's available; the old "streamable" Zip reader
is still fully supported for cases where seeking is not possible.
Full release notes available at:
https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
| |
|
|
|
|
|
|
|
|
| |
Fixes vendor issue 224:
"Mishandling CD9660 images with RockRidge extensions from FreeBSD makefs"
References:
http://code.google.com/p/libarchive/issues/detail?id=224
MFC after: 1 week
|
| |
|
|
|
|
|
|
| |
Vendor has integrated most of our local changes in revisions 3976-3979 so
future updates are going to be easier.
Thanks to Tim Kientzle <kientzle@FreeBSD.org>.
MFC after: 8 days
|
| |
|
|
|
| |
Reported by: Emil Mikulic (private e-mail)
MFC after: 12 days
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r204111 (uqs):
Fix common misspelling of hierarchy
r211054 (kientzle);
Fix -R when used with -p. Previously, the
uname and gname weren't overwritten, so the
disk restore would use those to lookup the
original uid/gid again. Clearing the uname
and gname prevents this.
r212263 (gjb):
Fix typo in bsdcpio manual:
s/libarchive_formats/libarchive-formats
MFC after: 2 weeks
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r204111 (uqs):
Fix common misspelling of hierarchy
r207786 (kientzle):
Various manpage updates, including many long-option synonyms that were
previously undocumented.
r208028 (uqs):
mdoc: move remaining sections into consistent order
This pertains mostly to FILES, HISTORY, EXIT STATUS and AUTHORS sections.
r209152 (kientzle):
If the compressed data is larger than the uncompressed,
report the compression ratio as 0% instead of displaying
nonsense triggered by numeric overflow. This is common
when dealing with uncompressed files when the I/O blocking
causes there to be small transient differences in the
accounting.
r210720 (joel):
Fix typos.
r223541 (kientzle):
If there is a read error reading Y/N confirmation from the keyboard,
exit immediately with an error.
If there is an error opening or reading a file to put into the archive,
set the return value for a deferred error exit.
r223573 (kientzle):
The --newer-than test should descend into old
directories to look for new files.
r226636 (kientzle):
Typo from previous commit. Urgh.
r224153 (mm, partial):
Update bsdtar.1 manpage
MFC after: 2 weeks
|
| |
|
|
|
|
|
| |
r213469:
Recognize both ! and ^ as markers for negated character classes.
MFC after: 2 weeks
|
| |
|
|
| |
MFC after: 2 weeks
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r204111 (uqs):
Fix common misspelling of hierarchy
r208027 (uqs):
mdoc: move CAVEATS, BUGS and SECURITY CONSIDERATIONS sections to the
bottom of the manpages and order them consistently.
GNU groff doesn't care about the ordering, and doesn't even mention
CAVEATS and SECURITY CONSIDERATIONS as common sections and where to put
them.
r208291 (uqs):
mdoc: consistently spell our email addresses <foo@FreeBSD.org>
r209031 (uqs):
mdoc nitpicking: the title argument shall be uppercase
r214822 (kientzle):
Clarify the naming: Methods that free an object should
be called "free". Retain the old "finish" names to preserve
source compatibility for now.
r214905 (kientzle):
If the Zip reader doesn't see a PK signature block
because there's inter-entry garbage, just scan forward
to find the next one. This allows us to handle a lot
of Zip archives that have been modified in-place.
Thanks to: Gleb Kurtsou for sending me a sample archive
r216258 (kientzle):
Don't write data into an empty "file."
In particular, this check avoids a warning when
extracting directory entries from certain GNU tar
archives that store directory contents.
r225525 (kientzle):
Fix cpio on ARM.
MFC after: 2 weeks
|
| |
|
|
| |
MFC after: 2 weeks
|
| |
|
|
|
|
|
|
|
| |
Add compatibility for ISO images created with unfixed makefs that
violated ECMA-119 (ISO9660): allow reserved4 to be 0x20 in PVD.
This allows tar to read FreeBSD distribution ISO images created
with makefs prior to NetBSD bin/45217 bugfix (up to 9.0-BETA1).
MFC after: 2 weeks
|
| |
|
|
|
|
| |
Add these files to FREEBSD-Xlist
MFC after: 2 weeks
|
| |
|
|
|
| |
This file is common for libarchive, cpio and tar and is going to be located
outside of contrib (lib/libarchive)
|
| |
|
|
|
|
| |
according to FREEBSD-Xlist
MFC after: 2 weeks
|
| |
|
|
| |
MFC after: 2 weeks
|
| |
|
|
| |
MFC after: 2 weeks
|
|
|
MFC after: 2 weeks
|
