Libarchive 3.7.7
Security fixes:
#2158 rpm: calculate huge header sizes correctly
#2160 util: fix out of boundary access in mktemp functions
#2168 uu: stop processing if lines are too long
#2174 lzop: prevent integer overflow
#2172 rar4: protect copy_from_lzss_window_to_unp() (CVE-2024-20696)
#2175 unzip: unify EOF handling
#2179 rar4: fix out of boundary access with large files
#2203 rar4: fix OOB access with unicode filenames
#2210 rar4: add boundary checks to rgb filter
#2248 rar4: fix OOB in delta filter
#2249 rar4: fix OOB in audio filter
#2256 fix multiple vulnerabilities identified by SAST
#2258 cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing
#2265 rar5: clear 'data ready' cache on window buffer reallocs
#2269 rar4: fix CVE-2024-26256 (CVE-2024-26256)
#2330 iso: be more cautious about parsing ISO-9660 timestamps
#2343 tar: clean up linkpath between entries
#2364 tar: don't crash on truncated tar archives
#2366 gzip: prevent a hang when processing a malformed gzip inside a gzip
#2377 tar: fix two leaks in tar header parsing
Important bugfixes:
#2096 rar5: report encrypted entries
#2150 xar: fix another infinite loop and expat error handling
#2173 shar: check strdup return value
#2161 lha: fix integer truncation on 32-bit systems
#2338 tar: fix memory leaks when processing symlinks or parsing pax headers
#2245 7zip: fix issue when skipping first file in 7zip archive that
is a multiple of 65536 bytes
#2252 7-zip: read/write symlink paths as UTF-8
#2259 rar5: don't try to read ridiculously long names
#2290 ar: fix archive entries having no type
#2360 tar: fix truncation of entry pathnames in specific archives
CVE: CVE-2024-20696, CVE-2024-26256
(cherry picked from commit bd66c1b43e33540205dbc1187c2f2a15c58b57ba)
A new utility which dumps MIDI 1.0 events in real-time.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: dev_submerge.ch
Differential Revision: https://reviews.freebsd.org/D46418
(cherry picked from commit f57efe95cc25ae527c632d4ffcf064799f922216)
(cherry picked from commit b8007cfdb72c1be27d1d93937886fd60f21915ab)
(cherry picked from commit feb9ba2993cf6aefa49b7b17ca49c52210c26035)
(cherry picked from commit 53314e34d5e8e7f781ab990805b22f7a56bc0580)
By being locale dependent, the JSON export is invalid in locales where
the separator for floats is a comma.
The JSON and the XML are invalid for login-time when days contains
characters which are not unicode.
Forcing the locale to be C makes this JSON and XML output valid and also
identical across locales, so reliable for parsers.
PR: 276304
Reported by: Vedran Miletic <vedran@miletic.net>
(cherry picked from commit bd490be57438a82c22d1274bc58d51142b63f4a0)
Following up from another review using basically the same code:
remove useless cast
replace uint32_t with unsigned int.
No functional changes expected
(cherry picked from commit 782766a32d963587a6aac8521aedd132b68a9dab)
The monitor command now subscribes to all groups if no "multicast
group" is provided; this avoids a potential collision with a group that
could be named "all".
(cherry picked from commit f45132db215be4d811e0efa0d01bcab72e4d0a59)
Add a special keyword "all" for the group name, which allows genl
to monitor all groups in an existing family
(cherry picked from commit 65e7a648693cc151990688f48c190df1c1fc858b)
The ldd32 binary is currently in the utilities package but belongs in
utilities-lib32. This patch corrects the situation.
PR: 249145
Reviewed by: emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47023
(cherry picked from commit 53bb5613a8a15363718b6e6de8d965bf9a2c5469)
Remove an extra 'e' in the example command. It is a prefix, not a typo.
This is from the Advanced UNIX Programming Course (Fall’23) at NTHU.
MFC after: 3 days
Pull Request: https://github.com/freebsd/freebsd-src/pull/913
(cherry picked from commit 7df526eb10c9095e4988e77900f60ba00c42b095)
This is from the Advanced UNIX Programming Course (Fall’23) at NTHU.
MFC after: 3 days
Pull Request: https://github.com/freebsd/freebsd-src/pull/928
(cherry picked from commit a2ee3070d80ce06eefe3682f453605422cfbf5b6)
This is from the Advanced UNIX Programming Course (Fall’23) at NTHU.
MFC after: 3 days
Pull Request: https://github.com/freebsd/freebsd-src/pull/929
(cherry picked from commit 0ba51e3b638424597add4212958524c9b750dd7b)
This is from the Advanced UNIX Programming Course (Fall’23) at NTHU.
MFC after: 3 days
Pull Request: https://github.com/freebsd/freebsd-src/pull/930
(cherry picked from commit 1a35ead682408aaf5276ded49aa0c6daa7e10672)
This is from the Advanced UNIX Programming Course (Fall’23) at NTHU.
MFC after: 3 days
Pull Request: https://github.com/freebsd/freebsd-src/pull/931
(cherry picked from commit 452c3e9514cbaaced8997458e34bb07b51c29bc9)
The man page states that the -d flag can be used to show the dropped
packets. But the number of dropped input packets is always shown,
independent of the -d flag. This commit clarifies that the -d flag will
add the number of dropped output packets to the output.
MFC after: 3 days
Reviewed by: imp, Alexander Ziaee
Pull Request: https://github.com/freebsd/freebsd-src/pull/1332
(cherry picked from commit 1d551845f3e864e618a10ec6427bd46d887d4280)
This marks the start of the FreeBSD 14.2 release cycle; the stable/14
tree is now in "code slush".
Developers are encouraged to prioritize fixing bugs (and/or merging bug
fixes from HEAD) over new features at this time. Commit approval from
re@ is not required but if new features introduce problems they may be
removed from the release.
Approved by: re (implicit)
Sponsored by: Amazon
A new Kyua concept is added -- "execution environment". A test can be
configured to be run within a specific environment. The test case
lifecycle is extended respectively:
- execenv init (creates a jail or does nothing for default
execenv="host")
- test exec
- cleanup exec (optional)
- execenv cleanup (removes a jail or does nothing for default
execenv="host")
The following new functionality is provided, from bottom to top:
1 ATF based tests
- The new "execenv" metadata property can be set to explicitly ask for
an execution environment: "host" or "jail". If it's not defined, as
all existing tests do, then it implicitly means "host".
- The new "execenv.jail.params" metadata property can be optionally
defined to ask Kyua to use specific jail(8) parameters during creation
of a temporary jail. An example is "vnet allow.raw_sockets".
Kyua implicitly adds "children.max" to "execenv_jail_params"
parameters with the maximum possible value. A test case can override
it.
2 Kyuafile
- The same new metadata properties can be defined on Kyuafile level:
"execenv" and "execenv_jail_params".
- Note that historically ATF uses dotted style of metadata naming, while
Kyua uses underscore style. Hence "execenv.jail.params" vs.
"execenv_jail_params".
3 kyua.conf, kyua CLI
- The new "execenvs" engine configuration variable can be set to a list
of execution environments to run only tests designed for. Tests of not
listed environments are skipped.
- By default, this variable lists all execution environments supported
by a Kyua binary, e.g. execenvs="host jail".
- This variable can be changed via "kyua.conf" or via kyua CLI's "-v"
parameter. For example, "kyua -v execenvs=host test" will run only
host-based tests and skip jail-based ones.
- Current value of this variable can be examined with "kyua config".
[markj] This feature has not landed upstream yet.
See the discussion in https://github.com/freebsd/kyua/pull/224 .
Having the ability to automatically jail tests allows many network tests
to run in parallel, giving a drastic speedup. So, let's import the
feature and start using it in main.
Signed-off-by: Igor Ostapenko <pm@igoro.pro>
Reviewed by: markj, kp
Tested by: markj, kp
MFC after: 3 months
Differential Revision: https://reviews.freebsd.org/D45865
(cherry picked from commit 257e70f1d5ee61037c8c59b116538d3b6b1427a2)
Approved by: kp (mentor), markj (mentor)
MFC after: 3 days
Sponsored by: Klara, Inc.
Reviewed by: 0mp, markj
Differential Revision: https://reviews.freebsd.org/D47019
(cherry picked from commit d350e8d795d53dbc58ea428f76355cf5e28f6116)
cmp: Check the status of stdout.
POSIX requires us to print an error message and exit non-zero if
writing to stdout fails. This can only happen if sflag is unset.
MFC after: 3 days
Sponsored by: Klara, Inc.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D47020
(cherry picked from commit 3c37828ee1874754e1c5e96268016113c1e02ba2)
MFC after: 3 days
Sponsored by: Klara, Inc.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D46996
(cherry picked from commit 334af5e4131b21c658203635bf713d6a59846585)
env: Improve documentation.
* The `env` utility's inability to run a command whose name contains an
equal sign is a feature, not a bug, so move that paragraph up from the
BUGS section to the DESCRIPTION section.
* Mention that this can be worked around by prefixing the command name
with `command`, and add an example of this to the EXAMPLE section.
* Add a test case which verifies that `env` does not run a command with
an equal sign in its name even if it exists, and also demonstrates the
workaround.
MFC after: 3 days
Sponsored by: Klara, Inc.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D46997
(cherry picked from commit a0dfb0668b45506de97beb4c7acbe3fd1ba69fc8)
env: Add an option to change the directory.
This mirrors the equivalent option in GNU coreutils env, but does not
add support for long options.
MFC after: 3 days
Relnotes: yes
Sponsored by: Klara, Inc.
Reviewed by: 0mp, bcr
Differential Revision: https://reviews.freebsd.org/D47008
(cherry picked from commit 6f6166e49c78f6460732c02bbbba6fcc218221cf)
env: Check the status of stdout.
MFC after: 3 days
Sponsored by: Klara, Inc.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D47009
(cherry picked from commit c2d93a803acef634bd0eede6673aeea59e90c277)
When reading the next code in a stream, avoid reading an extra byte if
we're going to throw it away. When there are no more bits to extract from
the stream, bits will be 0 and we'll mask the read byte with 0 anyway.
At worst, this will avoid reading one past the end of gbuf array (which
is not possible in well formed streams).
PR: 127912
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D47041
(cherry picked from commit 818c7b769a4f7d3c8fecc4cf491f4e22ef816eba)
The previous width of Netif (10 or 8) was too short for modern interface
names; make it 12, which is long enough to display "epair0a.1000".
This came up in practice with genet(4) interfaces, since the base
interface name is long enough that with the previous limit, VLAN
identifiers would be truncated at 1 character in the IPv6 output:
"genet0.100" becomes "genet0.1".
The width is now fixed, and doesn't depend on the address family,
because there's no reason that length of the interface name would vary
based on the AF.
Reviewed by: imp,zlei,Mina Galić
Pull Request: https://github.com/freebsd/freebsd-src/pull/1223
(cherry picked from commit d33b87e8cf91a6bcb5eac0ecc0371c1041c61050)
netstat: for -W, use IFNAMSIZ
If -W is specified, use IFNAMSIZ as the width of the Netif column,
instead of the default 12.
(cherry picked from commit ae9c0ba8ef2f540f9030909cf07e3c59f876fd23)
When a signal is trapped, the script continues after the trap code has
run, unless the trap code explicitly exits. In the particular case of
locate.updatedb, this is mostly harmless, except that the trap code is
executed twice (once for the signal and once when we reach the end of
the script), but it's still worth fixing.
Furthermore, install the trap as soon as we've created the temporary
directory, to minimize the window during which we can fail to clean up
after ourselves if interrupted.
While here, simplify the empty check at the end and make some minor
style tweaks.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D46475
(cherry picked from commit f62c1f3f8e91c78d402e1db4e518e4899a4ba2b9)
locate.updatedb: Revert to using cat to copy the db.
This script is usually run unprivileged, so install fails to create a
temporary file while copying the finished database. Revert to using
cat, which can overwrite the existing file as it is usually owned by
the same user which is running the script.
Fixes: f62c1f3f8e91
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D46872
(cherry picked from commit 26bd374e72681860af4bf9d639308ad245949460)
"fetch -qi" should skip printing "Not Modified" for successful
http(s) request. Still print it by default (v_level == 1).
(cherry picked from commit 7a6309fdc79427b0a7a5c3876daba150d946ae22)
Current libxo output does not have a root element. Valid XML requires a single
root element. This commit adds this root element.
The libxo output version bumped accordingly.
PR: 254635
Pull Request: https://github.com/freebsd/freebsd-src/pull/1330
(cherry picked from commit c7dd97ec99687996de49ec0b1a23bf007e5199b9)
If beep cannot open /dev/dsp provide more information to aid the user
in diagnosing a problem.
Reviewed by: christos
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 83325e7b738ce87d88553585b135b0e7d15997a6)
As of e67975d331 ("Fix 'calendar -a' in several ways."), `calendar -a`
will now fork off a new process for each user and do all of its own
processing in the user's own context.
As a side-effect, calendar(1) started calling setlogin(2) in each of the
forked processes and inadvertently hijacked the login name for the
session it was running under, which was typically not a fresh session
but rather that of whatever cron/periodic run spawned it. Thus, daily
and security e-mails started coming from a completely arbitrary user.
We could create a new session, but it appears that nothing calendar(1)
does really needs the login name to be clobbered; opt to just avoid the
setlogin(2) call entirely rather than incur the overhead of a new
session for each process.
PR: 280418
Reviewed by: des, olce
Fixes: e67975d331 ("Fix 'calendar -a' in several ways.")
(cherry picked from commit 6cb8b61efe8899ee9194563108d0ae90c1eb89e3)
These ones were unambiguous cases where the Foundation was the only
listed copyright holder.
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 5c2bc3db201a4fe8d7911cf816bea104d5dc2138)
Implement the improved SEG.ACK validation described in RFC 5961.
In addition to that, also detect ghost ACKs, which are ACKs for data
that has never been sent.
The additional checks are enabled by default, but can be disabled
by setting the sysctl-variable net.inet.tcp.insecure_ack to a
non-zero value.
PR: 250357
Reviewed by: Peter Lei, rscheff (older version)
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D45894
(cherry picked from commit 646c28ea80cb0f9258386626297495b5a0e56db5)
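The SEG.ACK acceptance window from RFC 5961 section 5.2 combined with a ghost-ACK test, as an added example that is not FreeBSD's code and not part of the commit message above. The `snd_state` struct, the function and verdict names, and the rule that an ACK below ISS + 1 counts as a ghost ACK are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Sequence-space comparisons; differences wrap modulo 2^32. */
#define SEQ_LT(a, b) ((int32_t)((uint32_t)(a) - (uint32_t)(b)) < 0)
#define SEQ_GT(a, b) ((int32_t)((uint32_t)(a) - (uint32_t)(b)) > 0)
#define TCP_MAX_WINDOW (65535u << 14) /* 16-bit window at the maximum scale of 14 */

/* Hypothetical per-connection send state, not the kernel's struct tcpcb. */
struct snd_state {
    uint32_t iss;         /* initial send sequence number */
    uint32_t snd_una;     /* oldest unacknowledged sequence number */
    uint32_t snd_nxt;     /* next sequence number to be sent */
    uint32_t max_snd_wnd; /* largest window the peer has advertised */
    int iss_check_off;    /* latched once the ISS test can no longer be trusted */
};

enum ack_verdict { ACK_OK, ACK_AHEAD, ACK_GHOST, ACK_TOO_OLD };

enum ack_verdict
check_seg_ack(struct snd_state *s, uint32_t seg_ack)
{
    /* RFC 5961 section 5.2 upper bound: SEG.ACK <= SND.NXT. */
    if (SEQ_GT(seg_ack, s->snd_nxt))
        return ACK_AHEAD;
    /* After a full maximum window has been acknowledged, stop comparing with
     * ISS for good, so sequence wraparound cannot produce false ghosts. */
    if ((uint32_t)(s->snd_una - s->iss) >= TCP_MAX_WINDOW)
        s->iss_check_off = 1;
    /* Assumed ghost-ACK rule: nothing below ISS + 1 was ever sent. */
    if (!s->iss_check_off && SEQ_LT(seg_ack, s->iss + 1))
        return ACK_GHOST;
    /* RFC 5961 section 5.2 lower bound: SND.UNA - MAX.SND.WND <= SEG.ACK. */
    if (SEQ_LT(seg_ack, s->snd_una - s->max_snd_wnd))
        return ACK_TOO_OLD;
    return ACK_OK;
}

int main(void)
{
    /* Constructed state: a young connection that has sent 1000 bytes. */
    struct snd_state s = { 1000, 1001, 2001, 65535, 0 };
    static const char *name[] = { "ok", "ahead", "ghost", "too-old" };
    uint32_t acks[] = { 1500, 2002, 900 };
    for (size_t i = 0; i < sizeof(acks) / sizeof(acks[0]); i++)
        printf("SEG.ACK=%u -> %s\n", (unsigned)acks[i], name[check_seg_ack(&s, acks[i])]);
    return 0;
}
```

On the young connection the RFC lower bound alone would accept SEG.ACK=900, because SND.UNA - MAX.SND.WND lies below ISS; the ISS comparison is what rejects it.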
The legacy Stone algorithm uses `int` to represent line numbers, array
indices, and array lengths. If given inputs approaching `INT_MAX` lines,
it would overflow and attempt to allocate ridiculously large amounts of
memory. To avoid this without penalizing non-pathological inputs,
switch a few variables to `size_t` and add checks while and immediately
after reading both inputs.
MFC after: 3 days
PR: 280371
Sponsored by: Klara, Inc.
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D46169
(cherry picked from commit 9317242469f1ca682626d9806f8caf65d143c09a)
The `--ignore-all-space` option was incorrectly documented as
`--ignore-all-spaces`.
MFC after: 3 days
Sponsored by: Klara, Inc.
Reviewed by: 0mp, markj
Differential Revision: https://reviews.freebsd.org/D46161
(cherry picked from commit ca75b7dac886de66fc06fd31facfa2c561f7567e)
The `--ignore-all-space` option was incorrectly documented as
`--ignore-all-blanks` in some (but not all) places.
MFC after: 3 days
PR: 280434
Sponsored by: Klara, Inc.
Reviewed by: 0mp, markj
Differential Revision: https://reviews.freebsd.org/D46160
(cherry picked from commit ab830de9f58c1b257e42b4fbdd46b3ca6a837ee6)
Following commit a87651e2ff18 add xrefs to intro(2) and sigaction(2),
and use a consistent form.
Suggested by: kib, arrowd
Reviewed by: kib (earlier)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45555
(cherry picked from commit 0277c0c6f72a964bf0439db1f4558551052e4f3b)
namei was mistaken for a typo (see GitHub pull request #1284). Add an
xref to make it clear.
Reviewed by: imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45546
(cherry picked from commit a87651e2ff189cec4c26cb220354f1bc93794f31)