Revision Date Author Comments
# c0434ef0 17-Oct-2024 christos <christos@NetBSD.org>

Import libarchive-3.7.7 (previous was 3.7.4)

* Libarchive 3.7.7 is a bugfix and security release

Security fixes:

gzip: prevent a hang when processing a malformed gzip inside a gzip
(#2366, OSS-Fuzz)
tar: don't crash on truncated tar archives (#2364, OSS-Fuzz)
tar: fix two leaks in tar header parsing (#2377)

Important bugfixes:

7-zip: read/write symlink paths as UTF-8 (#2252)
cpio: exit with an error code if an entry could not be extracted (#2371)
rar5: report encrypted entries (#2096)
tar: fix truncation of entry pathnames in specific archives (#2360)
windows: fix ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS (#2363)

* Libarchive 3.7.6 is a bugfix and security release.
This release fixes a tar regression introduced in libarchive 3.7.5
(#2331, #2337)

Important bugfixes.

tar: clean up linkpath between entries (#2343)
tar: fix memory leaks when processing symlinks or parsing pax headers
(#2338)
iso: be more cautious about parsing ISO-9660 timestamps (#2330)

* Libarchive 3.7.5 is a bugfix and security release

Security fixes:

fix multiple vulnerabilities identified by SAST (#2251, #2256)
cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing (#2258)
lzop: prevent integer overflow (#2174)
rar4: protect copy_from_lzss_window_to_unp() (#2172, CVE-2024-20696)
rar4: fix CVE-2024-26256 (#2269, CVE-2024-26256)
rar4: fix OOB in delta and audio filter (#2148, #2149)
rar4: fix out of boundary access with large files (#2179)
rar4: add boundary checks to rgb filter (#2210)
rar4: fix OOB access with unicode filenames (#2203)
rar5: clear 'data ready' cache on window buffer reallocs (#2265)
rpm: calculate huge header sizes correctly (#2158)
unzip: unify EOF handling (#2175)
util: fix out of boundary access in mktemp functions (#2160)
uu: stop processing if lines are too long (#2168)

Important bugfixes:

7zip: fix issue when skipping first file in 7zip archive that is a
multiple of 65536 bytes (#2245)
ar: fix archive entries having no type (#2290)
lha: do not allow negative file sizes (#2155)
lha: fix integer truncation on 32-bit systems (#2161)
shar: check strdup return value (#2173)
rar5: don't try to read ridiculously long names (#2259)
xar: fix another infinite loop and expat error handling (#2150)
many Windows fixes, cleanups and improvements
