Created attachment 250236 [details] Libarchive 3.7.4 patch Please run an exp-run with libarchive upgrade to 3.7.4. Diff is against main. I would be very grateful if this could happen soon to have 3.7.4 in 14.1-RELEASE
Exp-run looks fine
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=13d826ff947d9026f98e317e7385b22abfc0eace commit 13d826ff947d9026f98e317e7385b22abfc0eace Merge: d289382897e7 51c823ac2777 Author: Martin Matuska <mm@FreeBSD.org> AuthorDate: 2024-04-29 08:15:04 +0000 Commit: Martin Matuska <mm@FreeBSD.org> CommitDate: 2024-04-29 08:17:53 +0000 libarchive: merge from vendor branch Libarchive 3.7.4 + three fixes from master Security fixes: #2135 rar: Fix OOB in rar e8 filter (CVE-2024-26256) #2145 zip: Fix out of boundary access #2148 rar: Fix OOB in rar delta filter #2149 rar: Fix OOB in rar audio filter Important bugfixes: #2131 7zip: Limit amount of properties #2110 bsdtar: Fix error handling around strtol() usages #2116 passphrase: Never allow empty passwords #2124 rar: Fix "File CRC Error" when extracting specific rar4 archives #2123 xar: Avoid infinite link loop #2150 xar: Fix another infinite loop and expat error handling #2108 zip: Update AppleDouble support for directories #2071 zstd: Implement core detectiongit PR: 278588 (exp-run) MFC after: 1 day contrib/libarchive/NEWS | 2 + contrib/libarchive/README.md | 2 +- contrib/libarchive/cat/cmdline.c | 16 +++-- contrib/libarchive/cpio/cmdline.c | 16 +++-- contrib/libarchive/libarchive/archive.h | 6 +- contrib/libarchive/libarchive/archive_entry.h | 2 +- contrib/libarchive/libarchive/archive_entry_acl.3 | 2 +- contrib/libarchive/libarchive/archive_read_disk.3 | 4 +- .../libarchive/archive_read_support_format_7zip.c | 2 + .../libarchive/archive_read_support_format_all.c | 2 +- .../libarchive/archive_read_support_format_ar.c | 4 +- .../libarchive/archive_read_support_format_lha.c | 4 +- .../libarchive/archive_read_support_format_mtree.c | 8 +-- .../libarchive/archive_read_support_format_rar.c | 30 +++++++- .../libarchive/archive_read_support_format_warc.c | 10 ++- .../libarchive/archive_read_support_format_xar.c | 9 +++ .../libarchive/archive_read_support_format_zip.c | 15 +++- contrib/libarchive/libarchive/archive_util.c | 3 +- .../libarchive/archive_write_add_filter_zstd.c | 23 +++++- .../libarchive/archive_write_disk_posix.c | 3 +- .../libarchive/libarchive/archive_write_private.h | 2 +- .../libarchive/archive_write_set_format_gnutar.c | 2 +- .../libarchive/archive_write_set_passphrase.c | 35 ++++----- .../libarchive/libarchive/libarchive_internals.3 | 2 +- .../test/test_read_format_xar_doublelink.c (new) | 55 ++++++++++++++ .../test_read_format_xar_doublelink.xar.uu (new) | 12 ++++ .../libarchive/test/test_write_disk_appledouble.c | 84 ++++++++++++++++++++++ .../test_write_disk_appledouble_zip.zip.uu (new) | 27 +++++++ contrib/libarchive/libarchive_fe/passphrase.c | 4 +- contrib/libarchive/tar/bsdtar.1 | 15 ++-- contrib/libarchive/tar/bsdtar.c | 63 ++++++++-------- contrib/libarchive/tar/cmdline.c | 16 +++-- contrib/libarchive/unzip/cmdline.c | 18 +++-- contrib/libarchive/unzip/test/test_I.c | 13 ++++ lib/libarchive/tests/Makefile | 3 + 35 files changed, 404 insertions(+), 110 deletions(-)