Followup to #2318 which accidentally made zlib required.
Tested locally by increasing the version in CMakeLists.txt to 1.4.1
(which does not exist yet), and confirming that the build reports that a
suitable version of zlib was not found, while the build continued.
Emil Velikov [Sun, 1 Sep 2024 03:28:57 +0000 (04:28 +0100)]
tests: reduce zstd long option to 23 (#2305)
With 26 and 27, the sub-test is pushing 2G and 4G memory respectively.
There is no particular reason why we need to push for higher limits
here, so let's pick 23 with weights around 0.25G. The test suite overall
is in the 0.25 - 0.5G range and this fits perfectly.
Closes: https://github.com/libarchive/libarchive/issues/2080
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Fix `test_write_format_zip_stream` failure when `HAVE_ZLIB_H` is not
defined.
If `libz` is present, `zip` archives would be compressed by default,
which requires `zip_version=20`. Otherwise, the archive is not
compressed and only requires `zip_version=10`. I'm building libarchive
on a machine not intended for developing, so basically there's no optional
dependencies like `libz` available, guess that's why nobody else has
reported this issue.
Tim Kientzle [Tue, 9 Jul 2024 11:55:23 +0000 (04:55 -0700)]
Pax parsing should consistently use the FIRST pathname/linkname (#2264)
Pax introduced new headers that appear _before_ the legacy
headers. So pax archives require earlier properties to
override later ones.
Originally, libarchive handled this by storing the early
headers in memory so that it could do the actual parsing
from back to front. With this scheme, properties from
early headers were parsed last and simply overwrote
properties from later headers.
PR #2127 reduced memory usage by parsing headers in the
order they appear in the file, which requires later headers
to avoid overwriting already-set properties. Apparently,
when I made this change, I did not fully consider how charset
translations get handled on Windows, so failed to consistently
recognize when the path or linkname properties were in fact
actually set. As a result, the legacy path/link values (which have
no charset information) overwrote the pax path/link values (which
are known to be UTF-8), leading to the behavior observed in
#2248. This PR corrects this bug by adding additional
tests to see if the wide character path or linkname properties
are set.
Related: This bug was exposed by a new test added in #2228
which does a write/read validation to ensure round-trip filename
handling. This was modified in #2248 to avoid tickling the bug above.
I've reverted the change from #2248 since it's no longer necessary.
I have also added some additional validation to this test to
help ensure that the intermediate archive actually is a pax
format that includes the expected path and linkname properties
in the expected places.
Fix 'test_pax_filename_encoding_UTF16_win' by explicitly setting hdrcharset (#2248)
It would seem as though #2127 conflicted with my change #2228.
I previously thought that the writer was putting info into the archive
that strings were encoded in UTF-8, but I'm not so sure of that
anymore... In any case, explicitly setting `hdrcharset` on the reader as
well is a reasonable alternative and something we do already.
The RAR5 reader is using a small stack of cached pointers to submit the
rendered data to the caller. In malformed files it's possible for this
pointer cache to be desynchronized with the memory buffer those pointers
are pointing to, making libarchive crash on invalid memory access.
In particular, this ensures that we cannot overflow rounding-up
calculations. Recent tar changes put in a lot of sanity limits on the
sizes of particular kinds of data, but the usual behavior in most cases
was to skip over-large values. The skipping behavior required
rounding-up and accumulating values that could potentially overflow
64-bit integers. This adds some coarser checks that fail more directly
when an entry claims to be more than 1 exbibyte (2^60 bytes), avoiding
any possibility of numeric overflow along these paths.
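The ordering this commit message describes (a coarse range check before any rounding or accumulation), as an added example that is not libarchive's code. The function names and the 512-byte block constant are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration; not libarchive source. All names are hypothetical. */

#define TAR_BLOCK 512
/* 1 exbibyte (2^60 bytes), the coarse limit named in the commit message. */
#define ENTRY_SIZE_LIMIT ((int64_t)1 << 60)

/*
 * Rounding up with no range check. Unsigned arithmetic is used so that the
 * wrap-around is well defined and observable; with a signed type the same
 * addition would be undefined behaviour.
 */
static uint64_t
padded_size_unchecked(uint64_t claimed)
{
	return ((claimed + (TAR_BLOCK - 1)) & ~(uint64_t)(TAR_BLOCK - 1));
}

/*
 * Range check first, then round. Once claimed <= 2^60 is established,
 * claimed + 511 is far below INT64_MAX and cannot overflow.
 * Returns 0 on success, -1 if the claimed size is out of range.
 */
static int
padded_size_checked(int64_t claimed, int64_t *padded)
{
	if (claimed < 0 || claimed > ENTRY_SIZE_LIMIT)
		return (-1);
	*padded = (claimed + (TAR_BLOCK - 1)) & ~(int64_t)(TAR_BLOCK - 1);
	return (0);
}

/*
 * Accumulate the padded sizes of several items to skip. The running total
 * is held to the same limit, so the comparison below never overflows:
 * both sides stay within [0, 2^60].
 */
static int
total_skip(const int64_t *sizes, size_t n, int64_t *total)
{
	int64_t sum = 0, padded;
	size_t i;

	for (i = 0; i < n; i++) {
		if (padded_size_checked(sizes[i], &padded) != 0)
			return (-1);
		if (padded > ENTRY_SIZE_LIMIT - sum)
			return (-1);
		sum += padded;
	}
	*total = sum;
	return (0);
}

int
main(void)
{
	/* Constructed sample sizes: one sane, one claiming nearly 2^63 bytes. */
	int64_t sizes[] = { 100, INT64_MAX };
	int64_t total = 0;

	printf("unchecked round-up of a huge size: %llu\n",
	    (unsigned long long)padded_size_unchecked(UINT64_MAX - 100));
	printf("checked total_skip result: %d\n", total_skip(sizes, 2, &total));
	return (0);
}
```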
Tim Kientzle [Sat, 6 Jul 2024 07:45:38 +0000 (00:45 -0700)]
Fix a minor date-parsing bug and fill in missing ISO9660 testing (#2260)
This is somewhat academic, since we don't actually expose any of the
ISO9660 header information that is stored in 17-byte date format, but
inspection revealed an off-by-one error in the parsing here.
This also proved a nice motivation to fill in some verification in our
most basic ISO9660 test case.
archive_entry_perms.3: clarify that you don't need to strdup() [gu]name (#2239)
Currently updating archivemount which does
```c
pwd = getpwuid(st.st_uid);
if(pwd)
	archive_entry_set_uname(node->entry, strdup(pwd->pw_name));
grp = getgrgid(st.st_gid);
if(grp)
	archive_entry_set_gname(node->entry, strdup(grp->gr_name));
```
and I'm assuming the strdups are actually leaks? The manual is silent on
this.
Sam Bingner [Fri, 5 Jul 2024 19:34:43 +0000 (09:34 -1000)]
Fix max path-length metadata writing (#2243)
Previous code added `.XXXXXX` to the end of the filename to write the
mac metadata. This is a problem if the filename is at or near the
filesystem max path length. This reuses the same code used by
create_tempdatafork to ensure that the filename is not too long.
Tim Kientzle [Fri, 5 Jul 2024 10:08:38 +0000 (03:08 -0700)]
Ignore out-of-range gid/uid/size/ino and harden AFIO parsing (#2258)
The fuzzer constructed an AFIO (CPIO variant) archive that had a
ridiculously large ino value, which caused an overflow of a signed
64-bit intermediate.
There are really three issues here:
* The CPIO parser was using a signed int64 as an intermediate type for
parsing numbers in all cases. I've addressed the overflow here by using
a uint64_t in the parser core, but left the resulting values as int64_t.
* The AFIO header parsing had no guards against ridiculously large
values; it now rejects an archive when the ino or size fields (which are
allowed to be up to 16 hex digits long) overflow int64_t to produce a
negative value.
* The archive_entry would accept negative values for gid/uid/size/ino.
I've altered those so that these fields treat any negative value as zero
for these fields.
There was one test that actually verified that we could read a field
with size = -1. I've updated that to verify that the resulting size is
zero instead.
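The three layers listed in this commit message (an unsigned parser core, rejection of fields that would turn negative as int64_t, and a setter that treats negatives as zero), as an added example that is not libarchive's code. All function names are hypothetical and the hex strings are constructed samples.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration; not libarchive source. All names are hypothetical. */

/*
 * Parser core: 1..16 hex digits into an unsigned accumulator. Sixteen digits
 * are exactly 64 bits, so the shift below can never overflow a uint64_t.
 * Returns 0 on success, -1 on an empty or over-long field or a non-hex byte.
 */
static int
parse_hex_u64(const char *p, size_t len, uint64_t *out)
{
	uint64_t v = 0;
	size_t i;

	if (len == 0 || len > 16)
		return (-1);
	for (i = 0; i < len; i++) {
		char c = p[i];
		unsigned d;

		if (c >= '0' && c <= '9')
			d = (unsigned)(c - '0');
		else if (c >= 'a' && c <= 'f')
			d = (unsigned)(c - 'a') + 10;
		else if (c >= 'A' && c <= 'F')
			d = (unsigned)(c - 'A') + 10;
		else
			return (-1);
		v = (v << 4) | d;
	}
	*out = v;
	return (0);
}

/*
 * Header layer: the value is stored as int64_t, so anything above INT64_MAX
 * would come out negative after conversion. Reject it instead.
 */
static int
field_to_i64(const char *p, size_t len, int64_t *out)
{
	uint64_t u;

	if (parse_hex_u64(p, len, &u) != 0)
		return (-1);
	if (u > (uint64_t)INT64_MAX)
		return (-1);
	*out = (int64_t)u;
	return (0);
}

/* Entry layer: a negative gid/uid/size/ino from any caller becomes zero. */
static int64_t
clamp_nonneg(int64_t v)
{
	return (v < 0 ? 0 : v);
}

int
main(void)
{
	/* Constructed 16-digit fields: one in range, one with the top bit set. */
	const char *ok = "00000000000001A4";
	const char *huge = "ffffffffffffffff";
	int64_t v = 0;

	printf("in-range field:  rc=%d value=%lld\n",
	    field_to_i64(ok, 16, &v), (long long)v);
	printf("oversized field: rc=%d\n", field_to_i64(huge, 16, &v));
	printf("setter given -1 stores %lld\n", (long long)clamp_nonneg(-1));
	return (0);
}
```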
Tim Kientzle [Fri, 5 Jul 2024 10:05:41 +0000 (03:05 -0700)]
Don't try to read ridiculously long names (#2259)
The Rar5 reader would read the name size, then read the name, then check
whether the name size was beyond the maximum size allowed. This can
result in a very large memory allocation to read a name. Instead, check
the name size before trying to read the name in order to avoid excessive
allocation.
Fix multiple vulnerabilities identified by SAST (#2256)
I went through ~50 findings of SAST reports and identified a few of them
as true positives. I might still have missed some intended uses or some
magic in the code so please provide feedback if you think some of these
shouldn't be applied and why.
Fatima Qarni [Sat, 22 Jun 2024 22:49:53 +0000 (17:49 -0500)]
Checks for null references (#2251)
Microsoft's static analysis tool found some vulnerabilities from
unguarded null references that I changed in
[microsoft/cmake](https://github.com/microsoft/cmake). Pushing these
changes upstream so they can be added to
[kitware/cmake](https://github.com/Kitware/CMake).
Duncan Horn [Thu, 20 Jun 2024 21:03:54 +0000 (14:03 -0700)]
Fix gnutar creation with unicode hardlink names on Windows (#2227)
The code currently uses `archive_entry_hardlink` to determine if an
entry is a hardlink, however on Windows, this call will fail if the path
cannot be represented in the current locale. This instead checks to see
if any entry in the `archive_mstring` is set.
Duncan Horn [Thu, 20 Jun 2024 21:01:47 +0000 (14:01 -0700)]
Fix & optimize string conversion functions for Windows (#2226)
All three parts of this change effectively stem from the same
assumption: most of the code in `archive_string.c` assumes that MBS <->
UTF-8 string conversion can be done directly and efficiently. This is
not quite true on Windows, where conversion looks more like MBS <-> WCS
<-> UTF-8. This results in a few inefficiencies currently present in the
code.
First, if the caller is asking for either the MBS or UTF-8 string, but
it's not currently set on the `archive_mstring`, then on Windows, it's
more efficient to first check if the WCS is set and do the conversion
with that. Otherwise, we'll end up doing a wasteful intermediate step of
converting either the MBS or UTF-8 string to WCS, which we already have.
Second, in the `archive_mstring_update_utf8` function, it's more
efficient on Windows to first convert to WCS and use that result to
convert to MBS, as opposed to the fallback I introduced in a previous
change, which converts UTF-8 to MBS first and disposes of the
intermediate WCS, only to re-calculate it.
Duncan Horn [Thu, 20 Jun 2024 03:15:13 +0000 (20:15 -0700)]
Fix issue when skipping first file in 7zip archive that is a multiple of 65536 bytes (#2245)
We noticed an issue where we had an archive that, if you skipped the
first entry and tried to extract the second, you'd get a failure saying
`Truncated 7-Zip file body`. Turns out that this is because the first
file in the archive is a multiple of 65,536 bytes (the size of the
uncompressed buffer) and therefore after `read_stream` skipped all of
the first file, `uncompressed_buffer_bytes_remaining` was set to zero
(because all data was consumed) and then it calls
`get_uncompressed_data` with `minimum` set to zero. This then saw that
`minimum > zip->uncompressed_buffer_bytes_remaining` evaluated to false,
causing us to read zero bytes, which got interpreted as a truncated
archive.
The fix here is simple: we now always call `extract_pack_stream` when
`uncompressed_buffer_bytes_remaining` is zero before exiting the
skipping loop.
Tim Kientzle [Mon, 17 Jun 2024 03:23:11 +0000 (20:23 -0700)]
[cpio test] Dates can be more than 12 bytes, depending on the locale (#2237)
In order to match cpio output, format the reference date with _at least_
12 bytes instead of _exactly_ 12 bytes. This should fix a gratuitous
test failure on certain systems that default to multi-byte locales.
Tim Kientzle [Mon, 17 Jun 2024 03:22:14 +0000 (20:22 -0700)]
Support ISOs with non-standard PVD layouts (#2238)
The CSRG ISOs have a non-standard PVD layout with a 68-byte root
directory record (rather than the 34-byte record required by
ECMA119/ISO9660). I built a test image with this change and modified the
ISO9660 reader to accept it.
While I was working on the bid logic to recognize PVDs, I added a number
of additional correctness checks that should make our bidding a bit more
accurate. In particular, this should more than compensate for the
weakened check of the root directory record size.
Tim Kientzle [Sun, 16 Jun 2024 05:22:12 +0000 (22:22 -0700)]
Parse tar headers incrementally (#2127)
This rebuilds the tar reader to parse all header data incrementally as
it appears in the stream.
This definitively fixes a longstanding issue with unsupported pax
attributes. Libarchive must limit the amount of data that it reads into
memory, and this has caused problems with large unknown attributes. By
scanning iteratively, we can instead identify an attribute by name and
then decide whether to read it into memory or whether to skip it without
reading.
This design also allows us to vary our sanity limits for different pax
attributes (e.g., an attribute that is a single number can be limited to
a few dozen bytes while an attribute holding an ACL is allowed to be a
few hundred kilobytes). This allows us to be a little more resistant to
malicious archives that might try to force allocation of very large
amounts of memory, though there is still work to be done here.
This includes a number of changes to archive_entry processing to allow
us to consistently keep the _first_ appearance of any given value
instead of the original architecture that recursively cached data in
memory in order to effectively process all the data from back-to-front.
Duncan Horn [Sun, 16 Jun 2024 05:20:00 +0000 (22:20 -0700)]
Fix a couple issues with creating PAX archives (#2228)
Note: this is a partial cherry-pick from
https://github.com/libarchive/libarchive/pull/2095, which I'm going to
go through and break into smaller pieces in hopes of getting some things
in while discussion of other things can continue.
There's basically two fixes here:
The first is to check for the presence of the WCS pathname on Windows
before failing since the conversion from WCS -> MBS might fail. Later
execution already handles such paths correctly.
The second is to set the converted link name on the target entry where
relevant. Note that there has been prior discussion on this here:
https://github.com/libarchive/libarchive/pull/2095/files#r1531599325
alice [Sat, 15 Jun 2024 00:26:14 +0000 (02:26 +0200)]
rar: fix UB negation overflow for INT32_MIN address (#2235)
certain rar files seem to have the lowest possible address here, so flip
the argument order to correctly evaluate this instead of invoking UB
(caught via sanitize=undefined)
---
the backtrace looks something like:
```
* frame #0: 0x00007a1e3898727b libarchive.so.13`execute_filter [inlined] execute_filter_e8(filter=<unavailable>, vm=<unavailable>, pos=<unavailable>, e9also=<unavailable>) at archive_read_support_format_rar.c:3640:47
frame #1: 0x00007a1e3898727b libarchive.so.13`execute_filter(a=<unavailable>, filter=0x00007a1e39e2f090, vm=0x00007a1e31b1efd0, pos=<unavailable>) at archive_read_support_format_rar.c:0
frame #2: 0x00007a1e38983ac3 libarchive.so.13`read_data_compressed [inlined] run_filters(a=0x00007a1e34209700) at archive_read_support_format_rar.c:3395:8
frame #3: 0x00007a1e38983a9e libarchive.so.13`read_data_compressed(a=0x00007a1e34209700, buff=0x00007a1e31a01fd8, size=0x00007a1e31a01fd0, offset=0x00007a1e31a01fc0, looper=1) at archive_read_support_format_rar.c:2083:12
frame #4: 0x00007a1e38981b10 libarchive.so.13`archive_read_format_rar_read_data(a=0x00007a1e34209700, buff=0x00007a1e31a01fd8, size=0x00007a1e31a01fd0, offset=0x00007a1e31a01fc0) at archive_read_support_format_rar.c:1130:11
frame #5: 0x00006158bc5d30d3 file-roller`extract_archive_thread(result=0x00007a1e3711e2b0, object=<unavailable>, cancellable=0x00007a1e3870bf20) at fr-archive-libarchive.c:999:17
frame #6: 0x00007a1e39928d6d libgio-2.0.so.0`run_in_thread(job=<unavailable>, c=<unavailable>, _data=0x00007a1e326e9740) at gsimpleasyncresult.c:899:5
frame #7: 0x00007a1e3990614e libgio-2.0.so.0`io_job_thread(task=<unavailable>, source_object=<unavailable>, task_data=0x00007a1e2307fc20, cancellable=<unavailable>) at gioscheduler.c:75:16
frame #8: 0x00007a1e399433bf libgio-2.0.so.0`g_task_thread_pool_thread(thread_data=0x00007a1e35c18ab0, pool_data=<unavailable>) at gtask.c:1583:3
frame #9: 0x00007a1e39db77e8 libglib-2.0.so.0`g_thread_pool_thread_proxy(data=<unavailable>) at gthreadpool.c:336:15
frame #10: 0x00007a1e39db5bfb libglib-2.0.so.0`g_thread_proxy(data=0x00007a1e378147d0) at gthread.c:835:20
frame #11: 0x00007a1e3a0b5c7b ld-musl-x86_64.so.1`start(p=0x00007a1e31a02170) at pthread_create.c:208:17
frame #12: 0x00007a1e3a0b8a8b ld-musl-x86_64.so.1`__clone + 47
```
note the 0xd which is 14 which is NegateOverflow in ubsan:
for reference, the totally legal rar file is
https://img.ayaya.dev/05WYGFOcRPN9 , and this seems to only crash when
extracted via file-roller (or inside nautilus)
Duncan Horn [Wed, 12 Jun 2024 19:01:40 +0000 (12:01 -0700)]
Update ustar creation sanity check to use WCS path on Windows (#2230)
On Windows, the MBS pathname might be null if the string was set with a
WCS that can't be represented by the current locale. This is handled
properly by the rest of the code, but there's a sanity check that does
not make the proper distinction.
Note: this is a partial cherry-pick from
https://github.com/libarchive/libarchive/pull/2095, which I'm going to
go through and break into smaller pieces in hopes of getting some things
in while discussion of other things can continue.
Duncan Horn [Wed, 12 Jun 2024 19:00:24 +0000 (12:00 -0700)]
Add unicode test for creating zip files on Windows (#2231)
There's no bug fix here - this just adds a test to verify that zip
creation when using the _w functions works as expected on Windows.
Note: this is a partial cherry-pick from
https://github.com/libarchive/libarchive/pull/2095, which I'm going to
go through and break into smaller pieces in hopes of getting some things
in while discussion of other things can continue.
Mrmaxmeier [Wed, 12 Jun 2024 18:57:20 +0000 (20:57 +0200)]
Fuzzing: Expose `DONT_FAIL_ON_CRC_ERROR` as a CMake option and honor it in the rar5 decoder (#2229)
Hey,
the fuzzing infrastructure over at OSSFuzz builds libarchive with the
CMake option `-DDONT_FAIL_ON_CRC_ERROR=1`.
https://github.com/google/oss-fuzz/blob/e4643b64b3af4932bff23bb87afdfbac2a301969/projects/libarchive/build.sh#L35
This, unfortunately, does not do anything since it's never been defined
as an option.
Building the fuzzers with CRC checks disabled should improve fuzzing
efficacy a bunch.
Lukas Javorsky [Tue, 11 Jun 2024 04:41:25 +0000 (06:41 +0200)]
Use calloc instead of malloc to clear the memory from leftovers (#2207)
This ensures that the buffer is properly initialized and does not
contain any leftover data from previous operations. It is used later in
the `archive_entry_copy_hardlink_l` function call and could be
uninitialized.
Duncan Horn [Tue, 11 Jun 2024 04:23:13 +0000 (21:23 -0700)]
Update archive_entry_link_resolver to copy the "wide" pathname for hardlinks on Windows (#2225)
On Windows, if you are using `archive_entry_link_resolver` and give it
an entry that links to a past entry whose pathname was set using a "wide"
string that cannot be represented by the current locale (i.e. WCS -> MBS
conversion fails), this code will crash due to a null pointer read. This
updates to use the `_w` function instead on Windows.
Note: this is a partial cherry-pick from
https://github.com/libarchive/libarchive/pull/2095, which I'm going to
go through and break into smaller pieces in hopes of getting some things
in while discussion of other things can continue.
Sevan Janiyan [Tue, 11 Jun 2024 03:42:13 +0000 (04:42 +0100)]
Always use our supplied la_queue.h (#2222)
On legacy systems the OS supplied `sys/queue.h` may lack the required
macros, so to avoid having to verify if the version of queue.h is of
use, opt to always use `la_queue.h` which will match expectations.
Allows libarchive to build on legacy Darwin where `STAILQ_FOREACH` would
be missing from `sys/queue.h`.
Duncan Horn [Sat, 8 Jun 2024 19:41:04 +0000 (12:41 -0700)]
Fix compilation when using Clang in "MSVC mode" (#2221)
When using Clang in "MSVC mode" (i.e. clang-cl), command line arguments
are interpreted as MSVC would interpret them, at least when there are
conflicts. This means that `-Wall` - potentially among other switches -
is interpreted _dramatically_ differently by clang-cl compared to
"normal" Clang.
In CMake, this can be detected by testing for `if (MSVC)` in addition to
compiler id test, which is what I do here.
Note: this is a partial cherry-pick from #2095, which I'm going to go
through and break into smaller pieces in hopes of getting some things in
while discussion of other things can continue.
Turning window_mask into ssize_t and adjusting the signature of
circular_memcpy reduces the amount of required casts. Since window_mask
depends on value window_size, which is ssize_t, this change is safe.
Also turned extra_data_size into int64_t, which is a no-op on 64 bit
systems but prevents 32 bit systems from truncating these huge values in
archives. Since these systems most likely have large file support, this
could have meant truncation -- in theory.
Wei-Cheng Pan [Tue, 28 May 2024 09:40:32 +0000 (18:40 +0900)]
fix(rar): add boundary checks to rgb filter (#2210)
`blocklength` should be bigger than `3` (channel count)
`byteoffset` should not be bigger than `2` (does not make sense as per the
last loop)
`src` should not overlap with `dst`.
There is no allocation in this function so it should be safe to return
early.
Most of the functions already use size_t for sizes. Do the same for
xml_data. The libraries expat and libxml2 do not support strings larger
than 2 GB (limit is less than this) but it fixes one last Visual Studio
compiler warning which I missed previously.
Use casts where appropriate (values cannot exceed data type limits).
Fixes following warnings:
warning C4244: '=': conversion from 'int64_t' to 'long', possible loss
of data
warning C4244: '=': conversion from 'uint64_t' to 'size_t', possible
loss of data
dependabot[bot] [Tue, 14 May 2024 07:42:29 +0000 (09:42 +0200)]
CI: Bump the all-actions group with 3 updates (#2184)
Updates `actions/checkout` from 4.1.4 to 4.1.5
Updates `github/codeql-action` from 3.25.3 to 3.25.5
Updates `ossf/scorecard-action` from 2.3.1 to 2.3.3
Adjust type of variables for their specific use case
Add a new inline function to unify casting (and clarify code blocks)
Use definition to explain magic number (and reduce casts)
Use `hpos` instead of magic number to highlight that additional bytes
will be parsed
Switch from int64_t to ssize_t for l and body, which is a no-op on 64
bit systems. On 32 bit systems, this change is okay because these
variables interact with other ssize_t variables in this scope.
Fixes compiler warning regarding line 584 in which ssize_t and int64_t
are mixed in calculations:
warning C4244: '=': conversion from 'int64_t' to 'long'
The cast in ppmd_read function is safe even on 32 bit systems. It is
called byte for byte which makes it impossible to actually reach
SIZE_MAX on any real world hardware.
Fixes Visual Studio warnings:
warning C4244: '=': conversion from 'uint64_t' to 'size_t', possible
loss of data
warning C4244: 'function': conversion from 'int64_t' to 'size_t',
possible loss of data
Martin Matuška [Fri, 10 May 2024 01:00:33 +0000 (03:00 +0200)]
unzip: do not use getenv() and setenv() in test_I.c (#2177)
This setenv() call may clobber the memory pointed to by lang.
It is also insufficient, since you don't run in a clean environment, so
LANG may be overridden by an inherited LC_ALL or LC_CTYPE, or by the
user's .profile (remember that system() does not execute the command
directly, but passes it to a shell).
copy_from_lzss_window_to_unp unnecessarily took an `int` parameter where
both of its callers were holding a `size_t`.
A lzss opcode chain could be constructed that resulted in a negative
copy length, which when passed into memcpy would result in a very, very
large positive number.
Switching copy_from_lzss_window_to_unp to take a `size_t` allows it to
properly bounds-check length.
In addition, this patch also ensures that `length` is not itself larger
than the destination buffer.
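How a negative `int` length turns into a huge `memcpy` size, next to a `size_t`-based copy that checks the length against the destination first, as an added example that is not libarchive's code. The function names, the power-of-two window and the rule that one copy may not exceed the window size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration; not libarchive source. All names are hypothetical. */

/* What memcpy() receives when a negative int is passed as its length. */
static size_t
length_seen_by_memcpy(int length)
{
	return ((size_t)length);
}

/*
 * Derive a copy length from two stream positions. A crafted opcode chain
 * can place `end` before `start`; refuse that here instead of letting the
 * subtraction go negative.
 */
static int
span_length(int64_t start, int64_t end, size_t *length)
{
	if (start < 0 || end < start)
		return (-1);
	if ((uint64_t)(end - start) > SIZE_MAX)
		return (-1);
	*length = (size_t)(end - start);
	return (0);
}

/*
 * Copy `length` bytes out of a circular window into dst at dst_pos.
 * Every size is a size_t, so the comparisons below are unsigned and a
 * huge value fails the bounds check rather than reaching memcpy().
 */
static int
copy_window_checked(uint8_t *dst, size_t dst_size, size_t dst_pos,
    const uint8_t *window, size_t window_size, size_t start, size_t length)
{
	size_t mask = window_size - 1;
	size_t first;

	if (window_size == 0 || (window_size & mask) != 0)
		return (-1);	/* assumption: window size is a power of two */
	if (dst_pos > dst_size || length > dst_size - dst_pos)
		return (-1);	/* would write past the destination */
	if (length > window_size)
		return (-1);	/* assumption: one copy spans at most one window */

	start &= mask;
	first = window_size - start;	/* bytes available before the wrap */
	if (first > length)
		first = length;
	memcpy(dst + dst_pos, window + start, first);
	memcpy(dst + dst_pos + first, window, length - first);
	return (0);
}

int
main(void)
{
	/* Constructed 8-byte window and destination buffer. */
	const uint8_t window[8] = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H' };
	uint8_t dst[8] = { 0 };
	size_t n = 0;

	printf("(size_t)-1 = %zu\n", length_seen_by_memcpy(-1));
	printf("span 10..4 rc=%d\n", span_length(10, 4, &n));
	printf("wrapping copy rc=%d -> %.4s\n",
	    copy_window_checked(dst, sizeof(dst), 0, window, 8, 6, 4),
	    (const char *)dst);
	return (0);
}
```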
If EOF is encountered while reading the new filename after choosing 'r',
avoid out of boundary access and usage of undefined memory content by
treating it the same way as if the question itself was not answered.
dependabot[bot] [Sun, 5 May 2024 22:56:25 +0000 (15:56 -0700)]
CI: Bump the all-actions group with 2 updates (#2152)
Bumps the all-actions group with 2 updates:
[actions/checkout](https://github.com/actions/checkout) and
[github/codeql-action](https://github.com/github/codeql-action).
Updates `actions/checkout` from 4.1.3 to 4.1.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.4</h2>
<h2>What's Changed</h2>
<ul>
<li>Disable <code>extensions.worktreeConfig</code> when disabling
<code>sparse-checkout</code> by <a
href="https://github.com/jww3"><code>@jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1692">actions/checkout#1692</a></li>
<li>Add dependabot config by <a
href="https://github.com/cory-miller"><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1688">actions/checkout#1688</a></li>
<li>Bump word-wrap from 1.2.3 to 1.2.5 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1643">actions/checkout#1643</a></li>
<li>Bump the minor-actions-dependencies group with 2 updates by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1693">actions/checkout#1693</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4.1.3...v4.1.4">https://github.com/actions/checkout/compare/v4.1.3...v4.1.4</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v4.1.4</h2>
<ul>
<li>Disable <code>extensions.worktreeConfig</code> when disabling
<code>sparse-checkout</code> by <a
href="https://github.com/jww3"><code>@jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1692">actions/checkout#1692</a></li>
<li>Add dependabot config by <a
href="https://github.com/cory-miller"><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1688">actions/checkout#1688</a></li>
<li>Bump the minor-actions-dependencies group with 2 updates by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1693">actions/checkout#1693</a></li>
<li>Bump word-wrap from 1.2.3 to 1.2.5 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1643">actions/checkout#1643</a></li>
</ul>
<h2>v4.1.3</h2>
<ul>
<li>Check git version before attempting to disable
<code>sparse-checkout</code> by <a
href="https://github.com/jww3"><code>@jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1656">actions/checkout#1656</a></li>
<li>Add SSH user parameter by <a
href="https://github.com/cory-miller"><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1685">actions/checkout#1685</a></li>
<li>Update <code>actions/checkout</code> version in
<code>update-main-version.yml</code> by <a
href="https://github.com/jww3"><code>@jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1650">actions/checkout#1650</a></li>
</ul>
<h2>v4.1.2</h2>
<ul>
<li>Fix: Disable sparse checkout whenever <code>sparse-checkout</code>
option is not present <a
href="https://github.com/dscho"><code>@dscho</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1598">actions/checkout#1598</a></li>
</ul>
<h2>v4.1.1</h2>
<ul>
<li>Correct link to GitHub Docs by <a
href="https://github.com/peterbe"><code>@peterbe</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1511">actions/checkout#1511</a></li>
<li>Link to release page from what's new section by <a
href="https://github.com/cory-miller"><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1514">actions/checkout#1514</a></li>
</ul>
<h2>v4.1.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1396">Add
support for partial checkout filters</a></li>
</ul>
<h2>v4.0.0</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1067">Support
fetching without the --progress option</a></li>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1436">Update to
node20</a></li>
</ul>
<h2>v3.6.0</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1377">Fix: Mark
test scripts with Bash'isms to be run via Bash</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/579">Add
option to fetch tags even if fetch-depth > 0</a></li>
</ul>
<h2>v3.5.3</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1196">Fix:
Checkout fail in self-hosted runners when faulty submodule are
checked-in</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1287">Fix
typos found by codespell</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1369">Add
support for sparse checkouts</a></li>
</ul>
<h2>v3.5.2</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1289">Fix
api endpoint for GHES</a></li>
</ul>
<h2>v3.5.1</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1246">Fix
slow checkout on Windows</a></li>
</ul>
<h2>v3.5.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1237">Add
new public key for known_hosts</a></li>
</ul>
<h2>v3.4.0</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1209">Upgrade
codeql actions to v2</a></li>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1210">Upgrade
dependencies</a></li>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1225">Upgrade
<code>@actions/io</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/checkout/commit/0ad4b8fadaa221de15dcec353f45205ec38ea70b"><code>0ad4b8f</code></a>
Prep Release v4.1.4 (<a
href="https://redirect.github.com/actions/checkout/issues/1704">#1704</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/43045ae669be728bd34ed56fcd1a230c0dc4d8e2"><code>43045ae</code></a>
Disable <code>extensions.worktreeConfig</code> when disabling
<code>sparse-checkout</code> (<a
href="https://redirect.github.com/actions/checkout/issues/1692">#1692</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/37b082107ba410260a3aaddf93122e04801ce631"><code>37b0821</code></a>
Bump the minor-actions-dependencies group with 2 updates (<a
href="https://redirect.github.com/actions/checkout/issues/1693">#1693</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/9839dc14a02ddc6b6995e69eb3ecb98132fc8b6b"><code>9839dc1</code></a>
Add dependabot config (<a
href="https://redirect.github.com/actions/checkout/issues/1688">#1688</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/9b4c13b0bfa31b4514c14f74b5a166c2708f43c6"><code>9b4c13b</code></a>
Bump word-wrap from 1.2.3 to 1.2.5 (<a
href="https://redirect.github.com/actions/checkout/issues/1643">#1643</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/checkout/compare/1d96c772d19495a3b5c517cd2bc0cb401ea0529f...0ad4b8fadaa221de15dcec353f45205ec38ea70b">compare
view</a></li>
</ul>
</details>
<br />
Updates `github/codeql-action` from 3.25.2 to 3.25.3
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.25.3 - 25 Apr 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2247">#2247</a></li>
<li>Workflows running on <code>macos-latest</code> using CodeQL CLI
versions before v2.15.1 will need to either upgrade their CLI version to
v2.15.1 or newer, or change the platform to an Intel MacOS runner, such
as <code>macos-12</code>. ARM machines with SIP disabled, including the
newest <code>macos-latest</code> image, are unsupported for CLI versions
before 2.15.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2261">#2261</a></li>
</ul>
<h2>3.25.2 - 22 Apr 2024</h2>
<p>No user facing changes.</p>
<h2>3.25.1 - 17 Apr 2024</h2>
<ul>
<li>We are rolling out a feature in April/May 2024 that improves the
reliability and performance of analyzing code when analyzing a compiled
language with the <code>autobuild</code> <a
href="https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes">build
mode</a>. <a
href="https://redirect.github.com/github/codeql-action/pull/2235">#2235</a></li>
<li>Fix a bug where the <code>init</code> Action would fail if
<code>--overwrite</code> was specified in
<code>CODEQL_ACTION_EXTRA_OPTIONS</code>. <a
href="https://redirect.github.com/github/codeql-action/pull/2245">#2245</a></li>
</ul>
<h2>3.25.0 - 15 Apr 2024</h2>
<ul>
<li>
<p>The deprecated feature for extracting dependencies for a Python
analysis has been removed. <a
href="https://redirect.github.com/github/codeql-action/pull/2224">#2224</a></p>
<p>As a result, the following inputs and environment variables are now
ignored:</p>
<ul>
<li>The <code>setup-python-dependencies</code> input to the
<code>init</code> Action</li>
<li>The
<code>CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION</code>
environment variable</li>
</ul>
<p>We recommend removing any references to these from your workflows.
For more information, see the release notes for CodeQL Action v3.23.0
and v2.23.0.</p>
</li>
<li>
<p>Automatically overwrite an existing database if found on the
filesystem. <a
href="https://redirect.github.com/github/codeql-action/pull/2229">#2229</a></p>
</li>
<li>
<p>Bump the minimum CodeQL bundle version to 2.12.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2232">#2232</a></p>
</li>
<li>
<p>A more relevant log message and a diagnostic are now emitted when the
<code>file</code> program is not installed on a Linux runner, but is
required for Go tracing to succeed. <a
href="https://redirect.github.com/github/codeql-action/pull/2234">#2234</a></p>
</li>
</ul>
<h2>3.24.10 - 05 Apr 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2219">#2219</a></li>
<li>Add a deprecation warning for customers using CodeQL version 2.12.5
and earlier. These versions of CodeQL were discontinued on 26 March 2024
alongside GitHub Enterprise Server 3.8, and will be unsupported by
CodeQL Action versions 3.25.0 and later and versions 2.25.0 and later.
<a
href="https://redirect.github.com/github/codeql-action/pull/2220">#2220</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI
version 2.12.6 or later. For instance, if you have specified a custom
version of the CLI using the 'tools' input to the 'init' Action, you can
remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL
CLI between 2.11.6 and 2.12.5, you can replace
<code>github/codeql-action/*@v3</code> by
<code>github/codeql-action/*@v3.24.10</code> and
<code>github/codeql-action/*@v2</code> by
<code>github/codeql-action/*@v2.24.10</code> in your code scanning
workflow to ensure you continue using this version of the CodeQL
Action.</li>
</ul>
</li>
</ul>
<h2>3.24.9 - 22 Mar 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.16.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2203">#2203</a></li>
</ul>
<h2>3.24.8 - 18 Mar 2024</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/d39d31e687223d841ef683f52467bd88e9b21c14"><code>d39d31e</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2262">#2262</a>
from github/update-v3.25.3-ac2f82a1f</li>
<li><a
href="https://github.com/github/codeql-action/commit/a7278252c70477c10a79034dae40a279c9a93c81"><code>a727825</code></a>
Move changenote to most recent section</li>
<li><a
href="https://github.com/github/codeql-action/commit/1efa8597b1a91824d046c53d4c10d77968957df1"><code>1efa859</code></a>
Update changelog for v3.25.3</li>
<li><a
href="https://github.com/github/codeql-action/commit/ac2f82a1ffdc5b61472756d5f098a9acf079c7bb"><code>ac2f82a</code></a>
Log warning if SIP is disabled and CLI version is &lt; 2.15.1 (<a
href="https://redirect.github.com/github/codeql-action/issues/2261">#2261</a>)</li>
<li><a
href="https://github.com/github/codeql-action/commit/0ad7791640e0365754b29776b989bb8a341a45e9"><code>0ad7791</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2247">#2247</a>
from github/update-bundle/codeql-bundle-v2.17.1</li>
<li><a
href="https://github.com/github/codeql-action/commit/79d9ee7f07f81f562eade2095cbd714baeda85d8"><code>79d9ee7</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.17.1</li>
<li><a
href="https://github.com/github/codeql-action/commit/dbf2b1706b768069fb1bb2dd2d8552be7a9e2a51"><code>dbf2b17</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2255">#2255</a>
from github/mergeback/v3.25.2-to-main-8f596b4a</li>
<li><a
href="https://github.com/github/codeql-action/commit/ff6a3c42a5824cbebd4b5610db68760f3896540a"><code>ff6a3c4</code></a>
Update checked-in dependencies</li>
<li><a
href="https://github.com/github/codeql-action/commit/619dc0c4b85a2de48427e29571874d67419d901f"><code>619dc0c</code></a>
Update changelog and version after v3.25.2</li>
<li><a
href="https://github.com/github/codeql-action/commit/39e1e6509e99d33f40a3508d4d56f24f29f37dcf"><code>39e1e65</code></a>
Add changelog note</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/8f596b4ae3cb3c588a5c46780b86dd53fef16c52...d39d31e687223d841ef683f52467bd88e9b21c14">compare
view</a></li>
</ul>
</details>
<br />
lha: Fix integer truncation on 32 bit systems (#2161)
The comp size could be around INT_MAX on huge archives, which would lead
to eventual integer truncation to size_t in archives with version 1
headers when the fixed value 2 is added to comp_size on 32 bit systems.
This fix is a no-op on 64 bit systems because size_t and uint64_t are of
the same size there.
If an RPM file contains a huge header which is larger than 4 GB then
libarchive starts parsing the RPM header as actual archive instead of
skipping it.
Switched to uint64_t from size_t for proper 32 bit support as well.
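The truncation described in the message above, as an added example that is not libarchive's code: it assumes the standard RPM header intro (16 bytes, with a big-endian index entry count and data size, and 16 bytes per index entry) and uses `uint32_t` to stand in for a 32-bit `size_t`. The function names and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
/* Function names are illustrative, not libarchive's. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* RPM header intro: magic 8e ad e8, version 01, 4 reserved bytes, then
 * index entry count and data size (32-bit big-endian each). */
static int rpm_intro_ok(const uint8_t *h)
{
    return h[0] == 0x8e && h[1] == 0xad && h[2] == 0xe8 && h[3] == 0x01;
}

/* Header length as a 32-bit size_t would hold it; uint32_t stands in
 * for size_t so the wrap is visible on a 64-bit host. */
static uint32_t hlen_narrow(const uint8_t *h)
{
    uint32_t entries = be32(h + 8), bytes = be32(h + 12);
    return 16u + entries * 16u + bytes;     /* wraps modulo 2^32 */
}

/* Same sum in uint64_t: its maximum is far below 2^64, so no wrap. */
static uint64_t hlen_wide(const uint8_t *h)
{
    uint64_t entries = be32(h + 8), bytes = be32(h + 12);
    return 16u + entries * 16u + bytes;
}

/* Header bytes left unskipped, which a reader would parse as payload. */
static uint64_t header_bytes_misparsed(const uint8_t *h)
{
    return hlen_wide(h) - (uint64_t)hlen_narrow(h);
}

/* Constructed sample: 0x10000000 index entries of 16 bytes, 32 data bytes. */
static const uint8_t sample_intro[16] = {
    0x8e, 0xad, 0xe8, 0x01, 0, 0, 0, 0,
    0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20
};

int main(void)
{
    printf("narrow=%u misparsed=%llu\n", (unsigned)hlen_narrow(sample_intro),
           (unsigned long long)header_bytes_misparsed(sample_intro));
    return rpm_intro_ok(sample_intro) ? 0 : 1;
}
```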
When working with matches, the code does not care about the actual
number of times it matched, but just whether it has matched at least
once so far or never.
Turning the counter into a boolean flag has the advantage that even
insanely huge archives will never lead to integer overflow here.
archive_match: check archive_read_support_format_raw() return value (#2153)
If the call to archive_read_support_format_raw fails, do not override the
error return value with the return value of
archive_read_support_format_empty(). Instead, return the error code as expected.
Wei-Cheng Pan [Sun, 28 Apr 2024 21:50:22 +0000 (06:50 +0900)]
fix: OOB in rar delta filter (#2148)
Ensure that `src` won't move ahead of `dst`, so `src` will not go OOB.
Since `dst` won't move in this function, and we are only increasing `src`
position, this check should be enough. It should be safe to early return
because this function does not allocate resources.