From d7477941dbaca1a8f2916a367c2926e5fd74c7e6 Mon Sep 17 00:00:00 2001 
From: mm Date: Sat, 11 Feb 2017 00:56:18 +0000 Subject: MFC r310866,310868,310870,311903,313074: Sync libarchive with vendor. MFC r310866: PR #771: Add NFSv4 ACL support to pax and restricted pax NFSv4 ACL information may now be stored to and restored from tar archives. ACL must be non-trivial and supported by the underlying filesystem, e.g. natively by ZFS or by UFS with the NFSv4 ACL enable flag set. MFC r310868: PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c PR #851: Spelling fixes Fix two prototypes in manual page archive_read_disk.3 MFC r310870: Use __LA_DEPRECATED macro with functions deprecated in 379867e MFC r311903: #691: Support for SCHILY.xattr extended attributes #854: Spelling fixes Multiple fixes in ACL code: - prefer acl_set_fd_np() to acl_set_fd() - if acl_set_fd_np() fails, do not fall back to acl_set_file() - do not warn if trying to write ACLs to a filesystem without ACL support - fix id handling in archive_acl_(from_to)_text*() for NFSv4 ACLs MFC r313074: - support extracting NFSv4 ACLs from Solaris tar archives - bugfixes and optimizations in the ACL code - multiple fixes in the test suite - typo and other small bugfixes Security fixes: - cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335) - LHA reader: heap-buffer-overflow in lha_read_file_header_1() (CVE-2017-5601) - LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream() (OSS-Fuzz 453) - mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443) - WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458) Memory leak fixes: - ACL support: free memory allocated by acl_get_qualifier() - disk writer: missing free in create_filesystem_object() - file reader: fd leak (Coverity 1016755) - gnutar writer: fix free in archive_write_gnutar_header() (Coverity 101675) - iso 9660 reader: missing free in parse_file_info() (partial Coverity 1016754) - program reader: missing free in __archive_read_program() - program writer: missing 
free in __archive_write_program_free() - xar reader: missing free in xar_cleanup() - xar reader: missing frees in expat_xmlattr_setup() (Coverity 1229979-1229981) - xar writer: missing free in file_free() - zip reader: missing free in zip_read_local_file_header() List of all libarchive issues at OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/list?can=1&q=libarchive Security: CVE-2017-5601
---
 lib/libarchive/config_freebsd.h | 1 + lib/libarchive/tests/Makefile | 13 +++++++------ 2 files changed, 8 insertions(+), 6 deletions(-) (limited to 'lib/libarchive')
diff --git a/lib/libarchive/config_freebsd.h b/lib/libarchive/config_freebsd.h
index c82c8cc..24e2d75 100644
--- a/lib/libarchive/config_freebsd.h
+++ b/lib/libarchive/config_freebsd.h
@@ -39,6 +39,7 @@
 #define HAVE_ACL_SET_FILE 1
 #define HAVE_ACL_SET_LINK_NP 1
 #define HAVE_ACL_USER 1
+#define HAVE_ACL_TYPE_NFS4 1
 #define HAVE_ARC4RANDOM_BUF 1
 #define HAVE_EXTATTR_GET_FILE 1
 #define HAVE_EXTATTR_LIST_FILE 1
diff --git a/lib/libarchive/tests/Makefile b/lib/libarchive/tests/Makefile
index 58c642e..ec17eee 100644
--- a/lib/libarchive/tests/Makefile
+++ b/lib/libarchive/tests/Makefile
@@ -21,11 +21,12 @@ CFLAGS+= -DHAVE_LIBLZMA=1 -DHAVE_LZMA_H=1
 .PATH: ${LIBARCHIVEDIR}/libarchive/test
 TESTS_SRCS= \
- test_acl_freebsd_nfs4.c \
- test_acl_freebsd_posix1e.c \
 test_acl_nfs4.c \
 test_acl_pax.c \
+ test_acl_platform_nfs4.c \
+ test_acl_platform_posix1e.c \
 test_acl_posix1e.c \
+ test_acl_text.c \
 test_archive_api_feature.c \
 test_archive_clear_error.c \
 test_archive_cmdline.c \
@@ -74,7 +75,7 @@ TESTS_SRCS= \
 test_compat_plexus_archiver_tar.c \
 test_compat_solaris_tar_acl.c \
 test_compat_solaris_pax_sparse.c \
- test_compat_star_acl_posix1e.c \
+ test_compat_star_acl.c \
 test_compat_tar_hardlink.c \
 test_compat_uudecode.c \
 test_compat_uudecode_large.c \
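Review bot: `#define HAVE_ACL_TYPE_NFS4 1` is added unconditionally and without a comment, and the hunk shows neither the top of the header nor any guard around this run of `HAVE_ACL_*` defines. Going by the commit message, it presumably switches on the code that stores NFSv4 ACLs to and restores them from pax archives, so an extraction that restores ACLs can now apply NFSv4 entries read from the archive to files on ZFS or NFSv4-enabled UFS. I would put a one-line comment above it, for example `/* NFSv4 ACLs (ACL_TYPE_NFS4): archive entries are converted to and from native ACLs */`, and confirm that every target compiled with this header has `ACL_TYPE_NFS4` in `<sys/acl.h>`.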
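Review bot: The `TESTS_SRCS` edits in the `@@ -21,11 +21,12 @@` and `@@ -74,7 +75,7 @@` hunks touch only the ACL tests; no visible line adds a test source or fixture for the cab, LHA, LZ4, mtree and WARC reader fixes that the commit message lists under "Security fixes". If the vendor import carries regression tests or `.uu` reproducers for those, each needs a `TESTS_SRCS` or `FILES+=` entry in this Makefile, otherwise the fixes (including the one for CVE-2017-5601) go out without regression coverage in the installed test suite. Both lists continue outside the visible hunks, so this may already be handled in lines not shown; it is worth checking against the contents of `${LIBARCHIVEDIR}/libarchive/test`.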
@@ -327,6 +328,7 @@ FILES+= test_compat_cpio_1.cpio.uu
 FILES+= test_compat_gtar_1.tar.uu
 FILES+= test_compat_gtar_2.tar.uu
 FILES+= test_compat_gzip_1.tgz.uu
+FILES+= test_compat_gzip_2.tgz.uu
 FILES+= test_compat_lz4_1.tar.lz4.uu
 FILES+= test_compat_lz4_2.tar.lz4.uu
 FILES+= test_compat_lz4_3.tar.lz4.uu
@@ -339,7 +341,6 @@ FILES+= test_compat_lz4_B6.tar.lz4.uu
 FILES+= test_compat_lz4_B6BD.tar.lz4.uu
 FILES+= test_compat_lz4_B7.tar.lz4.uu
 FILES+= test_compat_lz4_B7BD.tar.lz4.uu
-FILES+= test_compat_gzip_2.tgz.uu
 FILES+= test_compat_lzip_1.tlz.uu
 FILES+= test_compat_lzip_2.tlz.uu
 FILES+= test_compat_lzma_1.tlz.uu
@@ -486,7 +487,7 @@ FILES+= test_read_format_rar_compress_normal.rar.uu
 FILES+= test_read_format_rar_encryption_data.rar.uu
 FILES+= test_read_format_rar_encryption_header.rar.uu
 FILES+= test_read_format_rar_encryption_partially.rar.uu
-FILES+= test_read_format_rar_invalid1.rar.uu
+FILES+= test_read_format_rar_invalid1.rar.uu
 FILES+= test_read_format_rar_multi_lzss_blocks.rar.uu
 FILES+= test_read_format_rar_multivolume.part0001.rar.uu
 FILES+= test_read_format_rar_multivolume.part0002.rar.uu
@@ -521,7 +522,7 @@ FILES+= test_read_format_zip_filename_koi8r.zip.uu
 FILES+= test_read_format_zip_filename_utf8_jp.zip.uu
 FILES+= test_read_format_zip_filename_utf8_ru.zip.uu
 FILES+= test_read_format_zip_filename_utf8_ru2.zip.uu
-FILES+= test_read_format_zip_high_compression.zip.uu
+FILES+= test_read_format_zip_high_compression.zip.uu
 FILES+= test_read_format_zip_jar.jar.uu
 FILES+= test_read_format_zip_length_at_end.zip.uu
 FILES+= test_read_format_zip_mac_metadata.zip.uu
-- cgit v1.1
From fbee5714f53d1a35972210733c8af3b6006ffba7 Mon Sep 17 00:00:00 2001
From: ngie Date: Sat, 11 Feb 2017 05:52:13 +0000 Subject: MFC r312456: Use SRCTOP-relative paths to other directories instead of .CURDIR-relative ones This implifies pathing in make/displayed output
---
 lib/libarchive/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/libarchive')
diff --git a/lib/libarchive/Makefile b/lib/libarchive/Makefile
index ffb2e97..2cf1633 100644
--- a/lib/libarchive/Makefile
+++ b/lib/libarchive/Makefile
@@ -1,7 +1,7 @@
 # $FreeBSD$
 .include
-LIBARCHIVEDIR= ${.CURDIR}/../../contrib/libarchive
+LIBARCHIVEDIR= ${SRCTOP}/contrib/libarchive
 LIB= archive
 DPADD= ${LIBZ} ${LIBBZ2} ${LIBLZMA} ${LIBPTHREAD} ${LIBBSDXML}
-- cgit v1.1
From f7558dc7498e5054ab7bbea6b2c342c5e8ed4ed3 Mon Sep 17 00:00:00 2001
From: ngie Date: Sat, 11 Feb 2017 06:17:10 +0000 Subject: Unbreak the build after ^/stable/10@r313571 Update FILES per tests removed in beforementioned commit, which were accidentally overlooked, no doubt due to conflicts after base packaging work. This is a direct commit to ^/stable/10 Reported by: Jenkins (FreeBSD-stable-10-amd64-build job)
---
 lib/libarchive/tests/Makefile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lib/libarchive')
diff --git a/lib/libarchive/tests/Makefile b/lib/libarchive/tests/Makefile
index ec17eee..eed7b97 100644
--- a/lib/libarchive/tests/Makefile
+++ b/lib/libarchive/tests/Makefile
@@ -320,7 +320,8 @@ list.h: ${TESTS_SRCS} Makefile
 CLEANFILES+= list.h list.h.tmp
 FILES+= README
-FILES+= test_acl_pax.tar.uu
+FILES+= test_acl_pax_posix1e.tar.uu
+FILES+= test_acl_pax_nfs4.tar.uu
 FILES+= test_archive_string_conversion.txt.Z.uu
 FILES+= test_compat_bzip2_1.tbz.uu
 FILES+= test_compat_bzip2_2.tbz.uu
@@ -357,6 +358,7 @@ FILES+= test_compat_plexus_archiver_tar.tar.uu
 FILES+= test_compat_solaris_pax_sparse_1.pax.Z.uu
 FILES+= test_compat_solaris_pax_sparse_2.pax.Z.uu
 FILES+= test_compat_solaris_tar_acl.tar.uu
+FILES+= test_compat_star_acl_nfs4.tar.uu
 FILES+= test_compat_star_acl_posix1e.tar.uu
 FILES+= test_compat_tar_hardlink_1.tar.uu
 FILES+= test_compat_uudecode_large.tar.Z.uu
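Review bot: The `FILES+=` list that starts at `FILES+= README` in the `@@ -320,7 +320,8 @@` hunk is a hand-kept copy of the fixture names in the vendor test directory, and nothing visible ties it to `TESTS_SRCS` or to the directory contents, which per the commit message is how the previous sync left it stale. A comment above the list would make the coupling explicit, e.g. `# Keep in sync with the *.uu fixtures in ${LIBARCHIVEDIR}/libarchive/test on every vendor import`. A fixture that exists upstream but is not listed here is presumably not installed, so the test that reads it cannot exercise its input; comparing the list with the directory after each import would catch drift in both directions. The list runs past both ends of the hunk.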
@@ -548,6 +550,7 @@ FILES+= test_read_large_splitted_rar_ab.uu
 FILES+= test_read_large_splitted_rar_ac.uu
 FILES+= test_read_large_splitted_rar_ad.uu
 FILES+= test_read_large_splitted_rar_ae.uu
+FILES+= test_read_pax_schily_xattr.tar.uu
 FILES+= test_read_splitted_rar_aa.uu
 FILES+= test_read_splitted_rar_ab.uu
 FILES+= test_read_splitted_rar_ac.uu
-- cgit v1.1