diff options
| author | Martin Matuska <mm@FreeBSD.org> | 2024-10-20 08:22:09 +0000 |
|---|---|---|
| committer | Martin Matuska <mm@FreeBSD.org> | 2024-10-20 08:24:02 +0000 |
| commit | bd66c1b43e33540205dbc1187c2f2a15c58b57ba (patch) | |
| tree | 473463fd17c6791b5dc5496470caee0e3aaf6163 /usr.bin/cpio | |
| parent | 5ca8c28cd8c725b81781201cfdb5f9969396f934 (diff) | |
| parent | eff4ff4791c83686dfc7251c9ab3fe8ab9e60f0e (diff) | |
libarchive: merge from vendor branch
Libarchive 3.7.7
Security fixes:
#2158 rpm: calculate huge header sizes correctly
#2160 util: fix out of boundary access in mktemp functions
#2168 uu: stop processing if lines are too long
#2174 lzop: prevent integer overflow
#2172 rar4: protect copy_from_lzss_window_to_unp() (CVE-2024-20696)
#2175 unzip: unify EOF handling
#2179 rar4: fix out of boundary access with large files
#2203 rar4: fix OOB access with unicode filenames
#2210 rar4: add boundary checks to rgb filter
#2248 rar4: fix OOB in delta filter
#2249 rar4: fix OOB in audio filter
#2256 fix multiple vulnerabilities identified by SAST
#2258 cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing
#2265 rar5: clear 'data ready' cache on window buffer reallocs
#2269 rar4: fix CVE-2024-26256 (CVE-2024-26256)
#2330 iso: be more cautious about parsing ISO-9660 timestamps
#2343 tar: clean up linkpath between entries
#2364 tar: don't crash on truncated tar archives
#2366 gzip: prevent a hang when processing a malformed gzip inside a gzip
#2377 tar: fix two leaks in tar header parsing
Important bugfixes:
#2096 rar5: report encrypted entries
#2150 xar: fix another infinite loop and expat error handling
#2173 shar: check strdup return value
#2161 lha: fix integer truncation on 32-bit systems
#2338 tar: fix memory leaks when processing symlinks or parsing pax headers
#2245 7zip: fix issue when skipping first file in 7zip archive that
is a multiple of 65536 bytes
#2252 7-zip: read/write symlink paths as UTF-8
#2259 rar5: don't try to read rediculously long names
#2290 ar: fix archive entries having no type
#2360 tar: fix truncation of entry pathnames in specific archives
CVE: CVE-2024-20696, CVE-2024-26256
PR: 282047 (exp-run)
MFC after: 1 week
Diffstat (limited to 'usr.bin/cpio')
| -rw-r--r-- | usr.bin/cpio/tests/Makefile | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/usr.bin/cpio/tests/Makefile b/usr.bin/cpio/tests/Makefile index 385112c1a9a2..9e1028c7eb58 100644 --- a/usr.bin/cpio/tests/Makefile +++ b/usr.bin/cpio/tests/Makefile @@ -33,6 +33,7 @@ TESTS_SRCS= \ test_0.c \ test_basic.c \ test_cmdline.c \ + test_extract_cpio_absolute_paths.c \ test_extract_cpio_Z.c \ test_extract_cpio_bz2.c \ test_extract_cpio_grz.c \ |