- Update from version 3.7.0 to 3.7.4
- Update of rootfile
- CVE fix in 3.7.4
- Changelog
3.7.4
Security fixes:
rar: Fix OOB in rar e8 filter (#2135) (CVE-2024-26256)
zip: Fix out of boundary access (#2145)
Important bugfixes:
7zip: Limit amount of properties (#2131)
bsdtar: Fix error handling around strtol() usages (#2110)
passphrase: Improve newline handling on Windows (#2115)
passphrase: Never allow empty passwords (#2116)
rar: Fix "File CRC Error" when extracting specific rar4 archives (#2124)
xar: Avoid infinite link loop (#2123)
zip: Update AppleDouble support for directories (#2108)
zstd: Implement core detection (#2083, #2071)
3.7.3
New features:
PCRE2 support (#2031)
add trailing letter b to bsdtar(1) substitute pattern (#2012)
add support for long options "--group" and "--owner" to tar(1) (#2054)
Security fixes:
Fix possible vulnerability in tar error reporting introduced in f27c173 (#2101)
Important bugfixes:
ISO9660: preserve the natural order of links (#1974)
rar5: fix decoding unicode filenames on Windows (#1978)
rar5: fix infinite loop if during rar5 decompression the last block produced
no data (#2105)
xz filter: fix incorrect eof at the end of an lzip member (#2027)
zip: fix end-of-data marker processing when decompressing zip archives (#2042)
multiple bsdunzip(1) fixes (#2022, #2030)
filetime truncation fix on Windows (#2050)
3.7.2
Security fixes:
Multiple vulnerabilities have been fixed in the PAX writer (1b4e0d0)
Important bugfixes:
bsdunzip(1) now correctly handles arguments following an -x after the zipfile
New features:
bsdunzip(1) now supports the "--version" flag
7-zip reader now translates Windows permissions into UNIX permissions (#1943)
uudecode filter in raw mode now supports file name and file mode
zstd filter now supports the "long" write option (#1962)
3.7.1
Security fixes:
SEGV and stack buffer overflow in verbose mode of cpio (#1934, #1935)
Feature updates:
bsdunzip updated to match latest upstream code (#1926)
Important bugfixes:
miscellaneous functional bugfixes (#1731, #1929, #1930)
build fixes on multiple platforms (Android #1921, older MacOS X #1919, #1933
and others)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3.6.2 to 3.7.0
- Update of rootfile
- Changelog
3.7.0 is a feature and bugfix release.
New features:
bsdunzip: new tool ported from FreeBSD (#1873)
drop-in replacement for Info-ZIP unzip, not yet ported for Windows
7zip reader: support for Zstandard compression (#1894)
7zip reader: support for ARM64 filter (#1918)
zstd filter: support for multi-frame zstd archives (#1818)
Other notable bugfixes and improvements:
pax: fix year 2038 problem on platforms with 64-bit time_t (#1840)
Windows: Universal Windows Platform (UWP) fixes and improvements (#1879, #1883, #1885, #1840)
Windows: bcrypt usage fixes and improvements (#1881, #1887)
Windows: time function usage fixes and improvements (#1820, #1824, #1830)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3.6.1 to 3.6.2
- Update of rootfile
- patch to fix glibc 2.36 headers is now part of the source code
- Changelog
Libarchive 3.6.2 is a bugfix and security release.
Important bug fixes:
include ZSTD in Windows builds (#1688)
SSL fixes on Windows (#1714, #1723, #1724)
rar5 reader: fix possible garbled output with bsdtar -O (#1745)
mtree reader: support reading mtree files with tabs (#1783)
various small fixes for issues found by CodeQL
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 3.6.0 to 3.6.1
- Update of rootfile
- Changelog
Libarchive 3.6.1 is a bugfix and security release.
Security fixes:
7zip reader: fix PPMD read beyond boundary (#1671)
ZIP reader: fix possible out of bounds read (OSS-Fuzz 38766 #1672)
ISO reader: fix possible heap buffer overflow in read_children() (OSS-Fuzz 38764, #1685)
RARv4 redaer: fix multiple issues in RARv4 filter code (introduced in libarchive 3.6.0)
fix heap use after free in archive_read_format_rar_read_data() (OSS-Fuzz 44547, 52efa50)
fix null dereference in read_data_compressed() (OSS-Fuzz 44843, 1271f77)
fix heap user after free in run_filters() (OSS-Fuzz 46279, #1715)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Historically, the MD5 checksums in our LFS files serve as a protection
against broken downloads, or accidentally corrupted source files.
While the sources are nowadays downloaded via HTTPS, it make sense to
beef up integrity protection for them, since transparently intercepting
TLS is believed to be feasible for more powerful actors, and the state
of the public PKI ecosystem is clearly not helping.
Therefore, this patch switches from MD5 to BLAKE2, updating all LFS
files as well as make.sh to deal with this checksum algorithm. BLAKE2 is
notably faster (and more secure) than SHA2, so the performance penalty
introduced by this patch is negligible, if noticeable at all.
In preparation of this patch, the toolchain files currently used have
been supplied with BLAKE2 checksums as well on
https://source.ipfire.org/.
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremeripfire.org>
Bumping across one of our scripts with very long trailing whitespaces, I
thought it might be a good idea to clean these up. Doing so, some
missing or inconsistent licence headers were fixed.
There is no need in shipping all these files en bloc, as their
functionality won't change.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 3.5.2 to 3.6.0
- Update of rootfile
- Changelog
Libarchive 3.6.0 is a feature and bugfix release.
New features:
tar: new option "--no-read-sparse" (#1614)
tar: threads support for zstd (#1567)
RAR reader: filter support (#1503)
RAR5 reader: self-extracting archive support (#1585)
ZIP reader: zstd decompression support (#1518)
Other notable bugfixes and improvements:
tar: respect "--ignore-zeros" in c, r and u modes (#1620)
reduced size of application binaries (#1625)
internal code optimizations
Libarchive 3.5.3 is a security release
Security Fixes:
extended fix for following symlinks when processing the fixup list
(#1566, #1617, CVE-2021-31566)
fix invalid memory access and out of bounds read in RAR5 reader
(#1491, #1492, #1493, CVE-2021-36976)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 3.5.1 to 3.5.2
- Update rootfile
- Changelog
Libarchive 3.5.2 is a feature and security release.
New minor features:
CPIO: Support for PWB and v7 binary cpio formats (#1502)
ZIP reader: Support of deflate algorithm in symbolic link decompression (#1509)
Important Security Fixes:
fix handling of symbolic link ACLs on Linux (#1565)
never follow symlinks when setting file flags on Linux (e2ad1a2)
do not follow symlinks when processing the fixup list (#1566)
Important Bugfixes:
fix extraction of hardlinks to symlinks (#1044)
7zip reader and writer fixes (#1480, #1532)
RAR reader fixes (#1504, #1521)
ZIP reader: fix excessive read for padded zip (#1514)
CAB reader: fix double free (#1520)
handle short writes from archive_write_callback (#1530)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 3.4.0 to 3.5.1
- Update rootfile
- Changelog
Libarchive 3.5.1 Released: Dec 26, 2020
Important bugfixes
various compilation fixes
fixed undefined behavior in a function in warc reader
Windows binary uses xz 5.2.5
Libarchive 3.5.0 Released: Dec 1, 2020
New features
mtree digest reader support
completed support for UTF-8 encoding conversion
minor API enhancements
support for system extended attributes
support for decompression of symbolic links in zipx archives
Important bugfixes
fixed extraction of archives with hard links pointing to itself
fixed writing of cpio archives containing hardlinks without file type
fixed rdev field in cpio format for device nodes
fixed uninitialized size in rar5_read_data
fixed memory leaks in error case of archive_write_open() functions
Libarchive 3.4.3 Released: May 20, 2020
New features
support for pzstd compressed files
support for RHT.security.selinux tar extended attribute
Important bugfixes
various zstd fixes and improvements child process
handling fixes
Libarchive 3.4.2 Released: Feb 11, 2020
New features
Atomic file extraction support (bsdtar -x --safe-writes)
mbed TLS (PolarSSL) support
Important bugfixes
security fixes in RAR5 reader
compression buffer fix in XAR writer
fix for uname and gname longer than 32 characters in PAX writer
fix segfault when archiving hard links in ISO9660 and XAR writers
fix support for extracting 7z archive entries with Delta filter
Libarchive 3.4.1 Released: Dec 30, 2019
New features
Unicode filename support for reading lha/lzh archives
New pax write option "xattrhdr"
Important bugfixes
security fixes in wide string processing
security fixes in RAR5 reader
security fixes and optimizations to write filter logic
security fix related to use of readlink(2)
sparse file handling fixes
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Most of these files still used old dates and/or domain names for contact
mail addresses. This is now replaced by an up-to-date copyright line.
Just some housekeeping... :-)
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
